On the Security of RDSA - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2003

On the Security of RDSA

Résumé

A variant of Schnorr's signature scheme called RDSA has been proposed by I. Biehl, J. Buchmann, S. Hamdy and A. Meyer in order to be used in finite abelian groups of unknown order such as the class group of imaginary quadratic orders. We describe in this paper a total break of RDSA under a plain known-message attack for the parameters that were originally proposed. It recovers the secret signature key from the knowledge of less than 10 signatures of known messages, with a very low computational complexity. We also compare a repaired version of RDSA with GPS scheme, another Schnorr variant with similar properties and we show that GPS should be preferred for most of the applications.

Domaines

Cryptographie et sécurité [cs.CR]

Pierre-Alain Fouque  : Connectez-vous pour contacter le contributeur

https://inria.hal.science/inria-00563964

Soumis le : lundi 7 février 2011-16:29:00

Dernière modification le : vendredi 19 avril 2024-16:18:55

Consulter le texte intégral

Dates et versions

inria-00563964 , version 1 (07-02-2011)

Identifiants

Citer

Pierre-Alain Fouque, Guillaume Poupard. On the Security of RDSA. Advances in Cryptology - EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, 2003, Warsaw, Poland. pp.462-476, ⟨10.1007/3-540-39200-9_29⟩. ⟨inria-00563964⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

ENS-PARIS CNRS INRIA PSL
34 Consultations
0 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More