This paper describes a "digital signature scheme giving message recovery" in order to submit it to the public scrutiny of IACR (the International Association for Cryptologic Research). This scheme is currently being prepared by Subcommittee SC27, Security Techniques, inside Joint Technical Committee JTC1, Information Technology, established by both ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission).

The digital signature scheme specified in DIS 9796 does not involve any hash-function. It allows a minimum resource requirement for verification. And it avoids various attacks against the generic algorithms in use.

Definition: An operation (addition, multiplication, power...) modulo n is "natural" when, being less than the modulus, the result does not involve the modulo reduction.

-- Attacks by natural products --

The exponential function is the basis of the signature schemes based upon RSA (odd verification exponents), and more generally, based upon exponentials in a ring (including even verification exponents). Under the exponential function, the image of a product of several constants is the product of the images of these constants. A subtle and efficient attack has been recently formulated by Don Coppersmith against annex D of CCITT X509, alias ISO/IEC 9594-8. The attacks by natural products have been definitely excluded in DIS 9796.

-- Attacks by natural powers --

If a natural v-th power is a legitimate argument of the secret function "raising to the power s mod n", then anyone can easily produce the natural v-th root of this argument as a legitimate signature. And even more dangerous, if the verification exponent is even, then signing a natural v-th power may reveal the modulus factorization (cf. Rabin syndrome). In DIS 9796, the natural powers cannot be legitimate arguments to the secret function "raising to the power s mod n".

DIS 9796 is under a 6-month DIS ballot (closed in September 1990) by ISO and IEC Members. This is a major step towards the adoption of an International Standard.
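
The two properties described above, shown on raw exponentiation with no redundancy, as an added illustration that is not code from the paper or from DIS 9796. The toy primes, the exponent v = 3, and every function name (including the hypothetical `screen_argument` check) are assumptions constructed for this example.

```python
# Added illustration: raw RSA exponentiation with no redundancy and no hash.
# All parameters below are constructed toy values, far too small for real use.
P, Q = 1013, 1019
N = P * Q                            # modulus n = 1032247
V = 3                                # odd verification exponent (assumed name v)
S = pow(V, -1, (P - 1) * (Q - 1))    # secret exponent s

def sign(m):
    """The secret function "raising to the power s mod n"."""
    return pow(m, S, N)

def verify(m, sig):
    """Public check: sig**v mod n must give back the argument m."""
    return pow(sig, V, N) == m

def natural_root(m, v=V):
    """Return x if m == x**v over the integers (no reduction), else None."""
    lo, hi = 0, m
    while lo < hi:                   # integer binary search, no floating point
        mid = (lo + hi + 1) // 2
        if mid ** v <= m:
            lo = mid
        else:
            hi = mid - 1
    return lo if lo ** v == m else None

def natural_product_holds(a, b):
    """True when a*b < n and sign(a)*sign(b) mod n is a valid signature of a*b."""
    return a * b < N and verify(a * b, sign(a) * sign(b) % N)

def screen_argument(m):
    """Hypothetical check (not the DIS 9796 mechanism): refuse natural v-th powers."""
    return 0 < m < N and natural_root(m) is None

if __name__ == "__main__":
    m = 97 ** 3                      # 912673 < n, so the power is "natural"
    x = natural_root(m)              # computed from public data only
    print("natural root:", x, "verifies:", verify(m, x), "equals sign(m):", x == sign(m))
    print("natural product 700*900:", natural_product_holds(700, 900))
    print("screen 912673:", screen_argument(m), "screen 912674:", screen_argument(m + 1))
```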