Protocol failures related to order of encryption and signature computation of discrete logarithms in RSA groups

  • Conference paper
Information Security and Privacy (ACISP 1998)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1438)

Abstract

In [2], Anderson and Needham describe the kernel of a general attack against protocols that encrypt before signing. The Anderson-Needham attack allows the receiver of an encrypted, signed message to take the sender's valid signature and forge another message for which the signature remains valid. In this paper, we complete the attack for the case where RSA [11] is the encryption algorithm, extend its application, and discuss practical issues related to implementation.

References

  1. Abadi, M., Needham, R.: SRC Research Report 125: Prudent Engineering Practice for Cryptographic Protocols. Digital Systems Research Center, Palo Alto (1994)

  2. Anderson, R., Needham, R.: Robustness Principles for Public Key Protocols. In: Coppersmith, D. (ed.): Advances in Cryptology — CRYPTO '95. Lecture Notes in Computer Science, Vol. 963. Springer-Verlag, Berlin Heidelberg (1995) 236–247

  3. Cohen, H.: A Course in Computational Algebraic Number Theory. Springer-Verlag, Berlin Heidelberg (1993)

  4. ElGamal, T.: A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In: Blakley, G.R., Chaum, D. (eds.): Advances in Cryptology — CRYPTO '84. Lecture Notes in Computer Science, Vol. 196. Springer-Verlag, Berlin Heidelberg (1985) 10–18

  5. ITU-T X.509 and ISO 9594-8. Information Technology—Open Systems Interconnection — The Directory: Authentication Framework. Geneva (1993)

  6. ISO/IEC CD 11770-3. Information technology—Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques. Geneva (1996)

  7. Johnson, D., Matyas, S.: Asymmetric Encryption: Evolution and Enhancements. In: RSA Laboratories' CryptoBytes, 2(1). RSA Laboratories, Redwood City (Spring 1996) 1–6

  8. NBS FIPS PUB 46: Data Encryption Standard. National Bureau of Standards, U.S. Department of Commerce (Jan 1977)

  9. Pinch, R.: private communication (1998)

  10. Pohlig, S.C., Hellman, M.E.: An Improved Algorithm for Computing Logarithms over GF(p) and Its Cryptographic Significance. In: IEEE Transactions on Information Theory, Vol. IT-24 (1978) 106–110

  11. Rivest, R.L., Shamir, A., Adleman, L.M.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. In: Communications of the ACM, 21(2) (Feb 1978) 120–126

Editor information

Colin Boyd, Ed Dawson

Copyright information

© 1998 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chen, M., Hughes, E. (1998). Protocol failures related to order of encryption and signature computation of discrete logarithms in RSA groups. In: Boyd, C., Dawson, E. (eds) Information Security and Privacy. ACISP 1998. Lecture Notes in Computer Science, vol 1438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0053737

  • DOI: https://doi.org/10.1007/BFb0053737

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-64732-4

  • Online ISBN: 978-3-540-69101-3

  • eBook Packages: Springer Book Archive
