Abstract
We present the first (1,2)-SETUP algorithm for the RSA digital signature scheme with appendix. A SETUP algorithm C′ is an algorithmic modification of algorithm C that (1) contains an asymmetric backdoor that can only be used by the designer, even if the backdoor algorithm is fully public, and (2) ensures that the public outputs of C and C′ are computationally indistinguishable under black-box queries. The SETUP is presented in RSASSA-PSS and it transmits the RSA private key within two w.l.o.g consecutive digital signatures. This problem has been solved for DSA and other discrete-log based digital signature algorithms, but not RSA. We therefore solve a long-standing problem in kleptography.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Adleman, L.M., Manders, K., Miller, G.: On Taking Roots in Finite Fields. In: IEEE Foundations of Computer Science—FOCS 1977, pp. 175–177 (1977)
Anderson, R.J.: A Practical RSA Trapdoor. Elec. Letters 29(11) (1993)
Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: 1st Annual ACM CCCS, pp. 62–73 (1993)
Bellare, M., Rogaway, P.: The Exact Security of Digital Signatures—How to Sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)
Bellare, M., Rogaway, P.: PSS: Provably Secure Encoding Method for Digital Signatures. IEEE P1363 working group August 1998 (submission)
Bohli, J.M., Steinwandt, R.: On Subliminal Channels in Deterministic Signature Schemes. In: Park, C.-s., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 182–194. Springer, Heidelberg (2005)
Boneh, D.: The Decision Diffie-Hellman Problem. In: Third Algorithmic Number Theory Symposium, pp. 48–63 (1998)
Coppersmith, D.: Finding a small root of a bivariate integer equation; Factoring with high bits known. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178–189. Springer, Heidelberg (1996)
Crépeau, C., Slakmon, A.: Simple Backdoors for RSA Key Generation. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 403–416. Springer, Heidelberg (2003)
Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)
NIST. Announcing Draft FIPS 180-2, Secure Hash Standard, and RFC. Federal Register, vol. 66(104), p. 29287 (2001)
NIST. Announcing Approval of FIPS 180-2, Secure Hash Standard; a Revision of FIPS 180-2. Federal Register, vol. 67(165), pp. 54785–54787 (2002)
Gaudry, P., Hess, F., Smart, N.: Constructive and Destructive Facets of Weil Descent on Elliptic Curves. Journal of Cryptology 15(1), 19–46 (2002)
IEEE P1363 working group. IEEE P1363a D10: Standard Specifications for Public Key Cryptography: Additional Techniques (November 1, 2001), available from http://grouper.ieee.org/groups/1363/
Joux, A., Nguyen, K.: Separating DDH from CDH in Cryptographic Groups. Journal of Cryptology 16(4), 239–247 (2003)
Kaliski, B.S.: A Pseudo-Random Bit Generator Based on Elliptic Logarithms. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 84–103. Springer, Heidelberg (1987)
Kaliski, B.S.: Elliptic Curves and Cryptography: A Pseudorandom Bit Generator and Other Tools. PhD Thesis, MIT (February 1988)
Kaliski, B.S.: One-Way Permutations on Elliptic Curves. Journal of Cryptology 3(3), 187–199 (1991)
Luby, M.: Pseudorandomness and Cryptographic Applications. Princeton Computer Science Notes (1996)
Möller, B.: A Public-Key Encryption Scheme with Pseudo-Random Ciphertexts. In: Samarati, P., Ryan, P.Y A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 335–351. Springer, Heidelberg (2004)
PKCS #1 v2.1: RSA Cryptography Standard. RSA Labs (June 14, 2002)
Rabin, M.: Probabilistic Algorithms in Finite Fields. SIAM Journal on Computing 9, 273–280 (1980)
Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. CACM 21(2), 120–126 (1978)
Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Wang, X., Ying, Y., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)
Young, A., Yung, M.: The Dark Side of Black-Box Cryptography, or: Should we trust Capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996)
Young, A., Yung, M.: Kleptography: Using Cryptography Against Cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62–74. Springer, Heidelberg (1997)
Young, A., Yung, M.: The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 264–276. Springer, Heidelberg (1997)
Young, A., Yung, M.: A Space Efficient Backdoor in RSA and its Applications. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 128–143. Springer, Heidelberg (2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Young, A., Yung, M. (2007). An Elliptic Curve Backdoor Algorithm for RSASSA. In: Camenisch, J.L., Collberg, C.S., Johnson, N.F., Sallee, P. (eds) Information Hiding. IH 2006. Lecture Notes in Computer Science, vol 4437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74124-4_24
Download citation
DOI: https://doi.org/10.1007/978-3-540-74124-4_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74123-7
Online ISBN: 978-3-540-74124-4
eBook Packages: Computer ScienceComputer Science (R0)