Abstract
It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA. We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.
Part of this work is an output of the “Turbo-signatures” project, supported by the French Ministry of Research.
Work supported in part by the Australian Research Council.
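The attack the abstract describes, as an added worked example that is not part of the paper or its authors' code: a toy DSA and a toy Nyberg-Rueppel signer whose nonces leak their top bits, each signature rewritten as a hidden number problem relation x t = u + e (mod q) with |e| <= E, and the private key x recovered by LLL on the usual embedding lattice. Everything in it is assumed for the demonstration: the 24-bit group order, the 12 leaked bits per nonce and 8 signatures (chosen so that the lattice has dimension 10 and a pure-Python rational LLL finishes in seconds; the paper's regime is a few bits of a 160-bit nonce over many more signatures), the Nyberg-Rueppel variant (the message-recovery form of the Handbook of Applied Cryptography, Algorithm 11.81: e = m g^-k mod p, s = x e + k mod q), and all function and parameter names. The exponential-sum bounds that turn the lattice heuristic into a proof are not reflected in the code.

```python
"""Added example, not from the paper: recover the private key x of toy DSA and
Nyberg-Rueppel signatures when the top LEAK_BITS bits of every nonce k are known, by
turning each signature into a hidden-number-problem (HNP) relation and running LLL.
Needs Python 3.8+ (pow with a negative exponent)."""
import random
from fractions import Fraction

SEED, Q_BITS, LEAK_BITS, N_SIGS = 2001, 24, 12, 8   # toy sizes (assumed); real q has 160+ bits

def is_prime(n):
    """Trial division; enough for the ~30-bit toy primes used here."""
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def make_group(rng):
    """Toy DSA parameters: prime q of Q_BITS bits, prime p = m*q + 1, g of order q mod p."""
    q = rng.getrandbits(Q_BITS) | (1 << (Q_BITS - 1)) | 1
    while not is_prime(q):
        q += 2
    m = next(m for m in range(2, 1 << 20, 2) if is_prime(m * q + 1))
    p, g = m * q + 1, 1
    while g == 1:
        g = pow(rng.randrange(2, p - 1), m, p)
    return p, q, g

def dsa_sign(p, q, g, x, h, k):
    """DSA: r = (g^k mod p) mod q, s = k^-1 (h + x r) mod q, hence k = s^-1 h + (s^-1 r) x mod q."""
    r = pow(g, k, p) % q
    return r, pow(k, -1, q) * (h + x * r) % q

def nr_sign(p, q, g, x, m, k):
    """Nyberg-Rueppel with message recovery, HAC Alg. 11.81 form: e = m g^-k mod p, s = x e + k mod q,
    hence k = s - e x mod q.  The verifier recovers m = g^s y^-e e mod p."""
    e = m * pow(g, -k, p) % p
    return e, (x * e + k) % q

def nonce_center(k, q):
    """Attacker's side information: the top LEAK_BITS of k give a centre c with |k - c| <= E = 2^(L-LEAK_BITS-1)."""
    low = q.bit_length() - LEAK_BITS
    return ((k >> low) << low) + (1 << (low - 1))

def lll(basis, delta=Fraction(3, 4)):
    """Textbook LLL over exact rationals; adequate for the dimension-10 lattice built below."""
    b = [[Fraction(v) for v in row] for row in basis]
    n = len(b)
    bstar, norms = [None] * n, [None] * n
    mu = [[Fraction(int(i == j)) for j in range(n)] for i in range(n)]

    def gram_schmidt(start=0):                 # refresh b*_i, |b*_i|^2 and mu[i][*] for i >= start
        for i in range(start, n):
            v = b[i][:]
            for j in range(i):
                mu[i][j] = sum(a * c for a, c in zip(b[i], bstar[j])) / norms[j]
                v = [a - mu[i][j] * c for a, c in zip(v, bstar[j])]
            bstar[i], norms[i] = v, sum(a * a for a in v)
    gram_schmidt()
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):          # size-reduce b_k; b*_k and the norms do not change
            r = round(mu[k][j])
            if r:
                b[k] = [a - r * c for a, c in zip(b[k], b[j])]
                for i in range(j + 1):
                    mu[k][i] -= r * mu[j][i]
        if norms[k] >= (delta - mu[k][k - 1] ** 2) * norms[k - 1]:   # Lovasz condition
            k += 1
        else:
            b[k], b[k - 1] = b[k - 1], b[k]
            gram_schmidt(k - 1)
            k = max(k - 1, 1)
    return [[int(v) for v in row] for row in b]

def solve_hnp(pairs, q, E):
    """HNP: x t_i = u_i + e_i (mod q) with |e_i| <= E.  The rows K q e_i, (K t, 1, 0) and (K u, 0, q)
    span a lattice containing the short vector (K e_1, .., K e_n, x, -q); return every x candidate."""
    n, K = len(pairs), q // E
    rows = [[K * q if j == i else 0 for j in range(n + 2)] for i in range(n)]
    rows.append([K * t for t, _ in pairs] + [1, 0])
    rows.append([K * u for _, u in pairs] + [0, q])
    return [(row[-2] if row[-1] < 0 else -row[-2]) % q for row in lll(rows) if abs(row[-1]) == q]

def demo(scheme):
    """Sign N_SIGS messages under 'dsa' or 'nr' with leaky nonces, then attack; returns (x, recovered x or None)."""
    rng = random.Random(SEED)
    p, q, g = make_group(rng)
    x = rng.randrange(1, q)
    y = pow(g, x, p)                                  # public key
    E = 1 << (q.bit_length() - LEAK_BITS - 1)
    pairs = []
    for _ in range(N_SIGS):
        k = rng.randrange(1, q)
        c = nonce_center(k, q)
        if scheme == "dsa":
            h = rng.randrange(1, q)                   # hash of the signed message
            r, s = dsa_sign(p, q, g, x, h, k)
            w = pow(s, -1, q)                         # k = w h + (w r) x  =>  t = w r, u = c - w h
            pairs.append((w * r % q, (c - w * h) % q))
        else:
            m = rng.randrange(2, p - 1)               # message (carries redundancy in a real system)
            e, s = nr_sign(p, q, g, x, m, k)
            assert pow(g, s, p) * pow(y, -e, p) * e % p == m   # verifier's message recovery
            pairs.append((e % q, (s - c) % q))        # k = s - e x  =>  t = e, u = s - c
    return x, next((cand for cand in solve_hnp(pairs, q, E) if pow(g, cand, p) == y), None)
```

Run demo("dsa") or demo("nr"); each returns the true key and the recovered key. The only scheme-specific step is the pair of lines that rewrite the signing equation as k = (known part) + t x mod q: once the leaked top bits fix a centre c with |k - c| <= E, the relation x t = (c - known part) + (k - c) (mod q) is an HNP instance, which is the connection to Boneh and Venkatesan's problem that the abstract refers to. The last two lattice columns carry x and the embedding constant q, so a reduced row whose last entry is +/-q yields the key directly, and every candidate is checked against the public key before being accepted; the column scaling by K = floor(q/E) makes all coordinates of the wanted vector about q in size, which is what makes it stand out in the reduced basis.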
References
M. Ajtai, R. Kumar and D. Sivakumar, A sieve algorithm for the shortest lattice vector problem, Proc. 33rd ACM Symp. on Theory of Comput., Crete, Greece, July 6–8, 2001 601–610.
L. Babai, On Lovász lattice reduction and the nearest lattice point problem, Combinatorica, 6 (1986), 1–13.
D. Boneh and R. Venkatesan, Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes, Lect. Notes in Comp. Sci., Springer-Verlag, Berlin, 1109 (1996), 129–142.
D. Boneh and R. Venkatesan, Rounding in lattices and its cryptographic applications, Proc. 8th Annual ACM-SIAM Symp. on Discr. Algorithms, ACM, NY, 1997, 675–681.
M. Drmota and R. Tichy, Sequences, discrepancies and applications, Springer-Verlag, Berlin, 1997.
N. A. Howgrave-Graham and N. P. Smart, Lattice attacks on digital signature schemes, Designs, Codes and Cryptography, (to appear).
R. Kannan, Algorithmic geometry of numbers, Annual Review of Comp. Sci., 2 (1987), 231–267.
S. V. Konyagin and I. E. Shparlinski, Character sums with exponential functions and their applications, Cambridge Univ. Press, Cambridge, 1999.
R. Kuipers and H. Niederreiter, Uniform distribution of sequences, Wiley-Interscience, NY, 1974.
A. K. Lenstra, H. W. Lenstra and L. Lovász, Factoring polynomials with rational coefficients, Mathematische Annalen, 261 (1982), 515–534.
R. Lidl and H. Niederreiter, Finite fields, Cambridge University Press, Cambridge, 1997.
A. J. Menezes, P. C. van Oorschot and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, FL, 1996.
C. J. Moreno and O. Moreno, Exponential sums and Goppa codes, I, Proc. Amer. Math. Soc., 111 (1991), 523–531.
P. Q. Nguyen, The dark side of the hidden number problem: Lattice attacks on DSA, Proc. Workshop on Cryptography and Computational Number Theory, Singapore 1999, Birkhäuser, 2001, 321–330.
P. Q. Nguyen and I. E. Shparlinski, The insecurity of the Digital Signature Algorithm with partially known nonces, J. of Cryptology, to appear.
P. Q. Nguyen and J. Stern, The hardness of the hidden subset sum problem and its cryptographic implications, Lect. Notes in Comp. Sci., Springer-Verlag, Berlin, 1666 (1999), 31–46.
H. Niederreiter, Random number generation and quasi-Monte Carlo methods, SIAM, Philadelphia, 1992.
K. Nyberg and R. A. Rueppel, Message recovery for signature schemes based on the discrete logarithm problem, J. Cryptology, 8 (1995), 27–37.
B. Schneier, Applied cryptography, J. Wiley, NY, 1996.
C. P. Schnorr, A hierarchy of polynomial time basis reduction algorithms, Theor. Comp. Sci., 53 (1987), 201–224.
C. P. Schnorr and M. Euchner, Lattice basis reduction: improved practical algorithms and solving subset sum problems, Math. Programming, 66 (1994), 181–199.
V. Shoup, Number Theory C++ Library (NTL), Available at http://www.shoup.net/ntl/.
I. M. Vinogradov, Elements of number theory, Dover Publ., New York, 1954.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
Cite this paper
Mahassni, E.E., Nguyen, P.Q., Shparlinski, I.E. (2001). The Insecurity of Nyberg-Rueppel and Other DSA-Like Signature Schemes with Partially Known Nonces. In: Silverman, J.H. (eds) Cryptography and Lattices. CaLC 2001. Lecture Notes in Computer Science, vol 2146. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44670-2_9
DOI: https://doi.org/10.1007/3-540-44670-2_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42488-8
Online ISBN: 978-3-540-44670-5