The Insecurity of Esign in Practical Implementations

Abstract: Provable security usually makes the assumption that a source of perfectly random and secret data is available. However, in practical applications, and especially when smart cards are used, random generators are often far from perfect, or may be monitored using probing or electromagnetic analysis. The consequence is the need for a careful evaluation of the actual security obtained when idealized random generators are implemented. In this paper, we show that the Esign signature scheme, like many cryptosystems, is highly vulnerable to so-called partially known nonce attacks. Using a 1152-bit modulus, the generation of an Esign signature requires drawing a 768-bit integer at random. We show that the exposure of only 8 bits out of those 768 bits, for 57 signatures, is enough to recover the whole secret signature key in a few minutes. It should be clear that we do not cryptanalyze a good implementation of Esign, nor do we find a theoretical flaw. However, our results show that the random data used to generate signatures must be very carefully produced and protected against any kind of exposure, even partial. As an independent result, we show that the factorization problem is equivalent to the existence of an oracle returning the most or least significant bits of , on input S randomly chosen in .
Document type:
Conference paper
Chi-Sung Laih. Advances in Cryptology - ASIACRYPT 2003, 9th International Conference on the Theory and Application of Cryptology and Information Security, 2003, Taipei, Taiwan. Springer, 2894, pp.492-506, 2003, Lecture Notes in Computer Science. 〈10.1007/978-3-540-40061-5_31〉

https://hal.inria.fr/inria-00563968
Contributor: Pierre-Alain Fouque
Submitted on: Monday, 7 February 2011 - 16:29:02
Last modified on: Tuesday, 24 April 2018 - 17:20:13

Citation

Pierre-Alain Fouque, Nick Howgrave-Graham, Gwenaëlle Martinet, Guillaume Poupard. The Insecurity of Esign in Practical Implementations. Chi-Sung Laih. Advances in Cryptology - ASIACRYPT 2003, 9th International Conference on the Theory and Application of Cryptology and Information Security, 2003, Taipei, Taiwan. Springer, 2894, pp.492-506, 2003, Lecture Notes in Computer Science. 〈10.1007/978-3-540-40061-5_31〉. 〈inria-00563968〉
