Abstract
Given a signature s for some message m along with a corresponding public verification key y, in a key substitution attack an attacker derives another verification key \(\overline{y}\) ≠ y (possibly along with a matching secret key) such that s is also a valid signature of m for the verification key \(\overline{y}\). Menezes and Smart have shown that, with suitable parameter restrictions, DSA and EC-DSA are immune to such attacks. Here we show that, in the presence of a malicious signer, key substitution attacks can be mounted against several signature schemes that are secure in the sense introduced by Menezes and Smart. While for EC-DSA such an attack is feasible, other established signature schemes, including EC-KCDSA, can be shown to be secure in this sense.
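The following worked example is added here to make the abstract's definition concrete; it is not code from the paper, and the construction it uses is this example's own derivation, not a claim about the authors' method. It implements textbook ECDSA over secp256k1 (the curve constants are those of SEC 2; the signing key, nonce and message are constructed for the demonstration) and shows how a signer who knows the private key x can compute a second key pair (x', Y') under which an existing signature (r, s) on m still verifies. The step relied on is that r = x(kG) mod n keeps only the x-coordinate of R = kG, so R and -R produce the same r; choosing x' = -x - 2e/r (mod n) sends the verifier to -R. Two assumptions are made explicit: "suitable parameter restrictions" is read here as fixed domain parameters plus public key validation (point on curve, not the identity, of order n), and the message hash is SHA-256 reduced mod n.

```python
"""Key substitution by a malicious signer against textbook ECDSA (added example).

Curve constants are secp256k1 (SEC 2). Key, nonce and message are constructed
for this demonstration. The substitution formula is this example's own
derivation: ECDSA's r keeps only the x-coordinate of R = kG, so R and -R
give the same r, and x' = -x - 2e/r (mod n) is a second private key whose
public key makes the verifier recompute -R instead of R.
"""
import hashlib
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
CURVE_B = 7  # y^2 = x^3 + 7 over GF(P); the identity is represented as None


def point_add(A, B):
    """Affine point addition with None as the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def point_mul(k, A):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    k %= N
    R = None
    while k:
        if k & 1:
            R = point_add(R, A)
        A = point_add(A, A)
        k >>= 1
    return R


def valid_pubkey(Y):
    """Public key validation: on the curve, not the identity, of order N."""
    if Y is None:
        return False
    x, y = Y
    on_curve = (y * y - (x * x * x + CURVE_B)) % P == 0
    return on_curve and point_mul(N, Y) is None


def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(x, msg, k=None):
    """Textbook ECDSA; a fixed k may be passed to make the demo deterministic."""
    e = msg_hash(msg)
    while True:
        if k is None:
            k = secrets.randbelow(N - 1) + 1
        r = point_mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * x) % N
        if r and s:
            return r, s
        k = None


def verify(Y, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N and valid_pubkey(Y)):
        return False
    w = pow(s, -1, N)
    R = point_add(point_mul(msg_hash(msg) * w % N, G), point_mul(r * w % N, Y))
    return R is not None and R[0] % N == r


def substitute_key(x, msg, sig):
    """Malicious signer: second key pair (x', Y') under which sig also verifies.

    (e/s)G + (r/s)Y' = (1/s)(e + r(-x - 2e/r))G = -(1/s)(e + rx)G = -kG,
    whose x-coordinate equals that of kG, so the verifier accepts.
    """
    r, _ = sig
    e = msg_hash(msg)
    x2 = (-x - 2 * e * pow(r, -1, N)) % N
    return x2, point_mul(x2, G)


def demo():
    """Constructed key, nonce and message; returns the checks a verifier would run."""
    x = 0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
    msg = b"constructed test message for the key substitution demo"
    Y = point_mul(x, G)
    sig = sign(x, msg, k=0x5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A)
    x2, Y2 = substitute_key(x, msg, sig)
    return (verify(Y, msg, sig),          # honest key accepts
            verify(Y2, msg, sig),         # substituted key accepts the same (r, s)
            Y2 != Y,                      # it is a genuinely different key
            point_mul(x2, G) == Y2,       # and the signer knows its private key
            valid_pubkey(Y2))             # public key validation does not reject it


if __name__ == "__main__":
    print(demo())
```

Note what the example does and does not show. Computing x' requires x, so an outsider who only sees (m, r, s, Y) cannot run `substitute_key`; that is consistent with the abstract's statement that EC-DSA resists the attack in the Menezes and Smart setting. A signer who registers both Y and Y' (proof of possession succeeds for both) can later dispute which key the signature belongs to, which is the malicious-signer setting the abstract addresses. The example says nothing about why EC-KCDSA is immune; the abstract only states the result.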
References
Baek, J., Kim, K.: Remarks on the Unknown Key-Share Attacks. IEICE Trans. on Fundamentals of Electronics, Communications and Computer Sciences E83-A(12), 2766–2769 (2000)
Baier, H.: Efficient algorithms for generating elliptic curves over finite fields suitable for use in cryptography. Ph.D. thesis, Technische Universität Darmstadt (2002)
Blake-Wilson, S., Menezes, A.: Unknown key-share attacks on the station-to-station (STS) protocol. In: H. Imai, Y. Zheng (eds.) Public Key Cryptography. Second International Workshop on Practice and Theory in Public Key Cryptography, PKC '99, Lecture Notes in Computer Science, vol. 1560, pp. 154–170. Springer (1999)
Boneh, D., Boyen, X.: Short signatures without random oracles. In: C. Cachin, J. Camenisch (eds.) Advances in Cryptology—EUROCRYPT 2004, Lecture Notes in Computer Science, vol. 3027, pp. 56–73. Springer (2004)
Bosma, W., Cannon, J., Playoust, C.: The Magma Algebra System I: The User Language. Journal of Symbolic Computation 24, 235–265 (1997)
Brickell, E., Pointcheval, D., Vaudenay, S., Yung, M.: Design validations for discrete logarithm based signature schemes. In: H. Imai, Y. Zheng (eds.) Third International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2000, Lecture Notes in Computer Science, vol. 1751, pp. 276–292. Springer (2000)
Geiselmann, W., Steinwandt, R.: A Key Substitution Attack on SFLASHv3. Journal of Discrete Mathematical Sciences & Cryptography (to appear)
Goldwasser, S., Micali, S., Rivest, R.L.: A “paradoxical” solution to the signature problem. In: Proceedings of the IEEE 25th Annual Symposium on Foundations of Computer Science, pp. 441–448 (1984)
Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17, 281–308 (1988)
Hoffstein, J., Howgrave-Graham, N., Pipher, J., Silverman, J.H., Whyte, W.: NTRUSign: Digital Signatures Using the NTRU Lattice. In: M. Joye (ed.) Topics in Cryptology—CT-RSA 2003: The Cryptographers' Track at the RSA Conference 2003, Lecture Notes in Computer Science, vol. 2612, pp. 122–140. Springer-Verlag Heidelberg (2003)
ISO/IEC 15946-1: Information technology—Security techniques—Cryptographic techniques based on elliptic curves—Part 1: General (2002)
ISO/IEC 15946-2: Information technology—Security techniques—Cryptographic techniques based on elliptic curves—Part 2: Digital signatures (2002)
Menezes, A., Smart, N.: Security of signature schemes in a multi-user setting. Designs, Codes and Cryptography 33, 261–274 (2004)
Regulierungsbehörde für Telekommunikation und Post: Bekanntmachung zur elektronischen Signatur nach dem Signaturgesetz und der Signaturverordnung (Übersicht über geeignete Algorithmen) [Notice on electronic signatures under the Signature Act and the Signature Ordinance (overview of suitable algorithms)]. To appear in Bundesanzeiger (2005). At the time of writing available at http://www.regtp.de/imperia/md/content/tech_reg_t/digisign/198.pdf
Rosa, T.: Key-collisions in (EC)DSA: Attacking Non-repudiation. Cryptology ePrint Archive: Report 2002/129 (2002). At the time of writing available at http://eprint.iacr.org/2002/129/
Stern, J., Pointcheval, D., Malone-Lee, J., Smart, N.P.: Flaws in Applying Proof Methodologies to Signature Schemes. In: M. Yung (ed.) Advances in Cryptology—CRYPTO 2002, Lecture Notes in Computer Science, vol. 2442, pp. 93–110. Springer (2002)
Tan, C.H.: Key Substitution Attacks on Some Provably Secure Signature Schemes. IEICE Transactions on Fundamentals E87-A(1), 1–2 (2004)
U.S. Department of Commerce, National Institute of Standards and Technology: FIPS PUB 186-2 Digital Signature Standard (DSS) + Change Notice 1 (October 2001) (2000). At the time of writing available electronically at the URL http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
Vaudenay, S.: Hidden collisions on DSS. In: N. Koblitz (ed.) Advances in Cryptology—CRYPTO '96, Lecture Notes in Computer Science, vol. 1109, pp. 83–88. Springer (1996)
Vaudenay, S.: The Security of DSA and ECDSA. In: Y. Desmedt (ed.) Public Key Cryptography—PKC 2003: 6th International Workshop on Practice and Theory in Public Key Cryptography, Lecture Notes in Computer Science, vol. 2567, pp. 309–323. Springer-Verlag (2003)
Vaudenay, S.: Digital signature schemes with domain parameters. In: H. Wang, J. Pieprzyk, V. Varadharajan (eds.) Information Security and Privacy: 9th Australasian Conference, ACISP 2004, Lecture Notes in Computer Science, vol. 3108, pp. 188–199. Springer-Verlag (2004)
Cite this article
Bohli, JM., Röhrich, S. & Steinwandt, R. Key substitution attacks revisited: Taking into account malicious signers. Int. J. Inf. Secur. 5, 30–36 (2006). https://doi.org/10.1007/s10207-005-0071-2