
The Insecurity of Esign in Practical Implementations

Abstract: Provable security usually makes the assumption that a source of perfectly random and secret data is available. However, in practical applications, and especially when smart cards are used, random generators are often far from perfect, or may be monitored using probing or electromagnetic analysis. The consequence is the need for a careful evaluation of the actual security when idealized random generators are implemented. In this paper, we show that the Esign signature scheme, like many cryptosystems, is highly vulnerable to so-called partially known nonces attacks. Using a 1152-bit modulus, the generation of an Esign signature requires drawing a random 768-bit integer. We show that the exposure of only 8 bits out of those 768 bits, for 57 signatures, is enough to recover the whole secret signature key in a few minutes. It should be clear that we do not cryptanalyze a good implementation of Esign, nor do we find a theoretical flaw. However, our results show that the random data used to generate signatures must be very carefully produced and protected against any kind of exposure, even partial. As an independent result, we show that the factorization problem is equivalent to the existence of an oracle returning the most or least significant bits of , on input S randomly chosen in .
Document type: Conference papers

https://hal.inria.fr/inria-00563968
Contributor: Pierre-Alain Fouque
Submitted on: Monday, February 7, 2011 - 4:29:02 PM
Last modification on: Thursday, July 1, 2021 - 5:32:36 PM

Citation

Pierre-Alain Fouque, Nick Howgrave-Graham, Gwenaëlle Martinet, Guillaume Poupard. The Insecurity of Esign in Practical Implementations. Advances in Cryptology - ASIACRYPT 2003, 9th International Conference on the Theory and Application of Cryptology and Information Security, 2003, Taipei, Taiwan. pp.492-506, ⟨10.1007/978-3-540-40061-5_31⟩. ⟨inria-00563968⟩
