The Insecurity of Esign in Practical Implementations - Inria - Institut national de recherche en sciences et technologies du numérique
Conference paper. Year: 2003

The Insecurity of Esign in Practical Implementations

Abstract

Provable security usually makes the assumption that a source of perfectly random and secret data is available. However, in practical applications, and especially when smart cards are used, random generators are often far from being perfect or may be monitored using probing or electromagnetic analysis. The consequence is the need for a careful evaluation of actual security when idealized random generators are implemented. In this paper, we show that the Esign signature scheme, like many cryptosystems, is highly vulnerable to so-called partially known nonces attacks. With a 1152-bit modulus, generating an Esign signature requires drawing a 768-bit integer at random. We show that the exposure of only 8 bits out of those 768 bits, for 57 signatures, is enough to recover the whole secret signature key in a few minutes. It should be clear that we do not cryptanalyze a good implementation of Esign nor do we find a theoretical flaw. However, our results show that random data used to generate signatures must be very carefully produced and protected against any kind of exposure, even partial. As an independent result, we show that the factorization problem is equivalent to the existence of an oracle returning the most or least significant bits of , on input S randomly chosen in .

Dates and versions

inria-00563968 , version 1 (07-02-2011)

Identifiers

Cite

Pierre-Alain Fouque, Nick Howgrave-Graham, Gwenaëlle Martinet, Guillaume Poupard. The Insecurity of Esign in Practical Implementations. Advances in Cryptology - ASIACRYPT 2003, 9th International Conference on the Theory and Application of Cryptology and Information Security, 2003, Taipei, Taiwan. pp.492-506, ⟨10.1007/978-3-540-40061-5_31⟩. ⟨inria-00563968⟩