A. Bauer and D. Vergnaud, Practical key recovery for discrete-logarithm based authentication schemes from random nonce bits. Full version of the paper, Cryptology ePrint Archive, 2015.
URL: https://hal.archives-ouvertes.fr/hal-01214701

M. Bellare, S. Goldwasser, and D. Micciancio, "Pseudo-random" number generation within cryptographic algorithms: The DDS case, Advances in Cryptology -CRYPTO'97, vol.1294, pp.277-291, 1997.

M. Bellare, C. Namprempre, D. Pointcheval, and M. Semanko, The one-more-RSA-inversion problems and the security of Chaum's blind signature scheme, Journal of Cryptology, vol.16, issue.3, pp.185-215, 2003.

M. Bellare and A. Palacio, GQ and Schnorr identification schemes: Proofs of security against impersonation under active and concurrent attacks, Advances in Cryptology -CRYPTO 2002, vol.2442, pp.162-177, 2002.

D. Bleichenbacher, On the generation of one-time keys in DL signature schemes. Presentation at IEEE P1363 Working Group meeting, 2000.

T. Elgamal, A public key cryptosystem and a signature scheme based on discrete logarithms, Advances in Cryptology -CRYPTO'84, vol.196, pp.10-18, 1984.

U. Feige, A. Fiat, and A. Shamir, Zero-knowledge proofs of identity, Journal of Cryptology, vol.1, issue.2, pp.77-94, 1988.

A. Fiat and A. Shamir, How to prove yourself: Practical solutions to identification and signature problems, Advances in Cryptology -CRYPTO'86, vol.263, pp.186-194, 1986.

M. Girault, Self-certified public keys, Advances in Cryptology -EUROCRYPT'91, vol.547, pp.490-497, 1991.

M. Girault, G. Poupard, and J. Stern, On the fly authentication and signature schemes based on groups of unknown order, Journal of Cryptology, vol.19, issue.4, pp.463-487, 2006.

J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson et al., Lest we remember: Cold boot attacks on encryption keys, Proceedings of the 17th USENIX Security Symposium, pp.45-60, 2008.

W. Henecka, A. May, and A. Meurer, Correcting errors in RSA private keys, Advances in Cryptology -CRYPTO 2010, pp.351-369, 2010.

N. Heninger and H. Shacham, Reconstructing RSA private keys from random key bits, Advances in Cryptology -CRYPTO 2009, vol.5677, pp.1-17, 2009.

P. Horster, H. Petersen, and M. Michels, Meta-El-Gamal signature schemes, ACM CCS 94: 2nd Conference on Computer and Communications Security, pp.96-107, 1994.

H. Kuwakado and H. Tanaka, On the security of the ElGamal-type signature scheme with small parameters, IEICE Transactions, issue.1, pp.93-97, 1999.

E. D. Mulder, M. Hutter, M. E. Marson, and P. Pearson, Using Bleichenbacher's solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA, Cryptographic Hardware and Embedded Systems -CHES 2013, vol.8086, pp.435-452, 2013.

FIPS PUB 186-2: Digital Signature Standard (DSS). National Institute for Standards and Technology, 2000.

P. Q. Nguyen and I. E. Shparlinski, The insecurity of the digital signature algorithm with partially known nonces, Journal of Cryptology, vol.15, issue.3, pp.151-176, 2002.

K. G. Paterson, A. Polychroniadou, and D. L. Sibborn, A coding-theoretic approach to recovering noisy RSA keys, Advances in Cryptology -ASIACRYPT 2012, vol.7658, pp.386-403, 2012.

C. Percival, Cache missing for fun and profit, Proceedings of BSDCan, 2005.

G. Poupard and J. Stern, On the fly signatures based on factoring, ACM CCS 99: 6th Conference on Computer and Communications Security, pp.37-45, 1999.

C. Schnorr, Efficient signature generation by smart cards, Journal of Cryptology, vol.4, issue.3, pp.161-174, 1991.