Abstract
This paper specializes the signature forgery by Coron, Naccache and Stern (1999) to Rabin-type systems. We present a variation in which the adversary may derive the private keys and thereby forge the signature on any chosen message. Further, we demonstrate that, contrary to RSA, the use of larger (even) public exponents does not reduce the complexity of the forgery. Finally, we show that our technique is very general and applies to any Rabin-type system designed in a unique factorization domain, including Williams’ M³ scheme (1986), the cubic schemes of Loxton et al. (1992) and of Scheidler (1998), and the cyclotomic schemes (1995).
References
FIPS 180-1. Secure Hash Standard. Federal Information Processing Standards Publication 180-1, U.S. Department of Commerce, April 1995.
IEEE Std 1363-2000. IEEE Standard Specifications for Public-Key Cryptography. IEEE Computer Society, August 29, 2000.
ISO/IEC 9796. Information technology – Security techniques – Digital signature scheme giving message recovery, 1991.
Henri Cohen. A Course in Computational Algebraic Number Theory, volume 138 of Graduate Texts in Mathematics. Springer-Verlag, 1993.
Jean-Sébastien Coron, David Naccache, and Julien P. Stern. On RSA padding. In M. Wiener, editor, Advances in Cryptology — CRYPTO’99, volume 1666 of Lecture Notes in Computer Science, pages 1–18. Springer-Verlag, 1999.
Wiebren de Jonge and David Chaum. Attacks on some RSA signatures. In H. C. Williams, editor, Advances in Cryptology — CRYPTO’85, volume 218 of Lecture Notes in Computer Science, pages 18–27, 1986.
Marc Girault, Philippe Toffin, and Brigitte Vallée. Computation of approximate L-th root modulo n and application to cryptography. In S. Goldwasser, editor, Advances in Cryptology — CRYPTO’88, volume 403 of Lecture Notes in Computer Science, pages 110–117, 1990.
Burton S. Kaliski Jr. A layman’s guide to a subset of ASN.1, BER, and DER. RSA Laboratories Technical Note, RSA Laboratories, November 1993. Available at http://www.rsasecurity.com/rsalabs/pkcs/.
Donald E. Knuth. The Art of Computer Programming, v. 2. Seminumerical Algorithms. Addison-Wesley, 2nd edition, 1981.
Kaoru Kurosawa, Toshiya Itoh, and Masashi Takeuchi. Public key cryptosystem using a reciprocal number with the same intractability as factoring a large number. Cryptologia, 12(4):225–233, 1988.
Arjen K. Lenstra. Generating RSA moduli with a predetermined portion. In K. Ohta and D. Pei, editors, Advances in Cryptology — ASIACRYPT’98, volume 1514 of Lecture Notes in Computer Science, pages 1–10. Springer-Verlag, 1998.
Arjen K. Lenstra and Mark S. Manasse. Factoring with two large primes. Mathematics of Computation, 63:785–798, 1994.
J. H. Loxton, David S. Khoo, Gregory J. Bird, and Jennifer Seberry. A cubic RSA code equivalent to factorization. Journal of Cryptology, 5(2):139–150, 1992.
Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.
Peter L. Montgomery. A block Lanczos algorithm for finding dependencies over GF(2). In L. C. Guillou and J.-J. Quisquater, editors, Advances in Cryptology — EUROCRYPT’95, volume 921 of Lecture Notes in Computer Science, pages 106–120, 1995.
Michael O. Rabin. Digitized signatures and public-key functions as intractable as factorization. Technical Report LCS/TR-212, M.I.T. Lab. for Computer Science, January 1979.
Renate Scheidler. A public-key cryptosystem using purely cubic fields. Journal of Cryptology, 11(2):109–124, 1998.
Renate Scheidler and Hugh C. Williams. A public-key cryptosystem utilizing cyclotomic fields. Designs, Codes and Cryptography, 6:117–131, 1995.
Joseph H. Silverman. A Friendly Introduction to Number Theory. Prentice-Hall, 1997.
Robert D. Silverman and David Naccache. Recent results on signature forgery, April 1999. Available at http://www.rsasecurity.com/rsalabs/bulletins/sigforge.html.
Hugh C. Williams. A modification of the RSA public-key encryption procedure. IEEE Transactions on Information Theory, IT-26(6):726–729, 1980.
Hugh C. Williams. Some public-key crypto-functions as intractable as factorization. In G. R. Blakley and D. Chaum, editors, Advances in Cryptology — Proceedings of CRYPTO ’84, volume 196 of Lecture Notes in Computer Science, pages 66–70. Springer-Verlag, 1986.
Hugh C. Williams. Some public-key crypto-functions as intractable as factorization. Cryptologia, 9(3):223–237, 1985. An extended abstract appears in [25].
Hugh C. Williams. An M³ public key encryption scheme. In H. C. Williams, editor, Advances in Cryptology — CRYPTO’85, volume 218 of Lecture Notes in Computer Science, pages 358–368. Springer-Verlag, 1986.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Joye, M., Quisquater, JJ. (2001). On Rabin-Type Signatures. In: Honary, B. (eds) Cryptography and Coding. Cryptography and Coding 2001. Lecture Notes in Computer Science, vol 2260. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45325-3_10
DOI: https://doi.org/10.1007/3-540-45325-3_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43026-1
Online ISBN: 978-3-540-45325-3
eBook Packages: Springer Book Archive