The quadratic sieve factoring algorithm
Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
Attacks on some RSA signatures
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Which new RSA-signatures can be computed from certain given RSA-signatures?
Journal of Cryptology - Eurocrypt '90
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Asymptotic semismoothness probabilities
Mathematics of Computation
Digital signatures with RSA and other public-key cryptosystems
Communications of the ACM
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
On the Security of Some Variants of the RSA Signature Scheme
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
A Multiplicative Attack Using LLL Algorithm on RSA Signatures with Redundancy
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Generating RSA Moduli with a Predetermined Portion
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
How (not) to Design RSA Signature Schemes
PKC '98 Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
A subexponential algorithm for the discrete logarithm problem with applications to cryptography
SFCS '79 Proceedings of the 20th Annual Symposium on Foundations of Computer Science
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Selective forgery of RSA signatures using redundancy
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Secure and Private Distribution of Online Video and Some Related Cryptographic Issues
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
On Hash Function Firewalls in Signature Schemes
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
Privacy Protection for Transactions of Digital Goods
ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
An Efficient and Practical Scheme for Privacy Protection in the E-Commerce of Digital Goods
ICISC '00 Proceedings of the Third International Conference on Information Security and Cryptology
Security Proof for Partial-Domain Hash Signature Schemes
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Why Textbook ElGamal and RSA Encryption Are Insecure
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
FC '00 Proceedings of the 4th International Conference on Financial Cryptography
Proceedings of the 8th IMA International Conference on Cryptography and Coding
Fault Attacks on RSA Signatures with Partially Unknown Messages
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Fault attacks against EMV signatures
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
On the joint security of encryption and signature in EMV
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Randomization enhanced Chaum's blind signature scheme
Computer Communications
Detailed cost estimation of CNTW attack against EMV signature scheme
FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
Mass transit ticketing with NFC mobile phones
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Untraceable Blind Signature Schemes Based on Discrete Logarithm Problem
Fundamenta Informaticae
Anonymous reputation based reservations in e-commerce (amnesic)
Proceedings of the 13th International Conference on Electronic Commerce
| Hi-index | 0.00 |
This paper presents a new signature forgery strategy. The attack is a sophisticated variant of Desmedt-Odlyzko's method [11] where the attacker obtains the signatures of m1;...; mΤ-1 and exhibits the signature of an mΤ which was never submitted to the signer; we assume that all messages are padded by a redundancy function µ before being signed. Before interacting with the signer, the attacker selects Τ smooth1 µ(mi)- values and expresses µ(mΤ) as amultiplicative combination of the padded strings µ(m1);...; µ(mΤ-1). The signature of mΤ is then forged using the homomorphic property of RSA. A padding format that differs from iso 9796-1 by one single bit was broken experimentally (we emphasize that we could not extend our attack to iso 9796-1); for iso 9796-2 the attack is more demanding but still much more efficient than collision-search or factoring. For din ni-17.4, PKCS #1 v2.0 and SSL-3.02, the attack is only theoretical since it only applies to specific moduli and happens to be less efficient than factoring; therefore, the attack does not endanger any of these standards.