Practical algorithm substitution attack on extractable signatures

An algorithm substitution attack (ASA) can undermine the security of cryptographic primitives by subverting original implementation. ASA succeeds when it extracts secrets without being detected. To launch an on signature schemes, existing studies often needed to collect signatures with successive indices extract signing key. However, collection requires uninterrupted surveillance communication channel and a low transmission loss rate in practice. This hinders practical implementation current ASAs, thus causing users misbelieve that threat incurred is only theoretical far from reality. In this study, we first classify group schemes called extractable achieve traditional (unforgeability) reductions ending key extraction, demonstrating there generic approach for class signatures. Further, present ASAs which two no further requirements are extraction widely used discrete log-based such as DSA, Schnorr, modified ElGamal schemes. Our presents realistic applications, also be implemented open unstable environments vehicular ad hoc networks. Finally, prove proposed undetectable against polynomial time detectors physical timing analysis.