The Insecurity of Nyberg-Rueppel and Other DSA-Like Signature Schemes with Partially Known Nonces

Authors:
Edwin El Mahassni;Phong Q. Nguyen;Igor Shparlinski
Affiliations:
-;-;-
Venue:
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Year:
2001

Citing 11
Cited 4

On Lova´sz' lattice reduction and the nearest lattice point problem

Combinatorica
A hierarchy of polynomial time lattice basis reduction algorithms

Theoretical Computer Science
Random number generation and quasi-Monte Carlo methods

Random number generation and quasi-Monte Carlo methods
Lattice basis reduction: improved practical algorithms and solving subset sum problems

Mathematical Programming: Series A and B
Finite fields

Finite fields
Rounding in lattices and its cryptographic applications

SODA '97 Proceedings of the eighth annual ACM-SIAM symposium on Discrete algorithms
A sieve algorithm for the shortest lattice vector problem

STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
Lattice Attacks on Digital Signature Schemes

Designs, Codes and Cryptography
Handbook of Applied Cryptography

Handbook of Applied Cryptography
The Hardness of the Hidden Subset Sum Problem and Its Cryptographic Implications

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology

On the Generalised Hidden Number Problem and Bit Security of XTR

AAECC-14 Proceedings of the 14th International Symposium on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes
The Hidden Number Problem in Extension Fields and Its Applications

LATIN '02 Proceedings of the 5th Latin American Symposium on Theoretical Informatics
Hidden Number Problem with the Trace and Bit Security of XTR and LUC

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
The Two Faces of Lattices in Cryptology

CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices

Quantified Score

Hi-index	0.01

Visualization

Abstract

It has recently been proved by Nguyen and Shparlinski that the Digital Signature Algorithm (DSA) is insecure when a few consecutive bits of the random nonces k are known for a reasonably small number of DSA signatures. This result confirmed the efficiency of some heuristic lattice attacks designed and numerically verified by Howgrave-Graham and Smart. Here, we extend the attack to the Nyberg-Rueppel variants of DSA.We use a connection with the hidden number problem introduced by Boneh and Venkatesan and new bounds of exponential sums which might be of independent interest.