On the Security of RDSA

Abstract : A variant of Schnorr's signature scheme called RDSA has been proposed by I. Biehl, J. Buchmann, S. Hamdy and A. Meyer in order to be used in finite abelian groups of unknown order such as the class group of imaginary quadratic orders. We describe in this paper a total break of RDSA under a plain known-message attack for the parameters that were originally proposed. It recovers the secret signature key from the knowledge of less than 10 signatures of known messages, with a very low computational complexity. We also compare a repaired version of RDSA with GPS scheme, another Schnorr variant with similar properties and we show that GPS should be preferred for most of the applications.
Type de document :
Communication dans un congrès
Eli Biham. Advances in Cryptology - EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, 2003, Warsaw, Poland. Springer, 2656, pp.462-476, 2003, Lecture Notes in Computer Science. 〈10.1007/3-540-39200-9_29〉
Liste complète des métadonnées

https://hal.inria.fr/inria-00563964
Contributeur : Pierre-Alain Fouque <>
Soumis le : lundi 7 février 2011 - 16:29:00
Dernière modification le : mardi 24 avril 2018 - 17:20:13

Lien texte intégral

Identifiants

Collections

PSL

Citation

Pierre-Alain Fouque, Guillaume Poupard. On the Security of RDSA. Eli Biham. Advances in Cryptology - EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, 2003, Warsaw, Poland. Springer, 2656, pp.462-476, 2003, Lecture Notes in Computer Science. 〈10.1007/3-540-39200-9_29〉. 〈inria-00563964〉

Partager

Métriques

Consultations de la notice

45