(EC)DSA lattice attacks based on Coppersmith's method
نویسنده
چکیده
We provide an attack to (EC)DSA digital signature built upon Coppersmith’s method. We prove that, if a, k are the private and ephemeral key, respectively, of the (EC)DSA scheme and (k−1mod q)a < 0.262 · q, then we can efficiently find a.
منابع مشابه
The E ectiveness of Lattice Attacks AgainstLow - Exponent
At Eurocrypt '96, Coppersmith presented a novel application of lattice reduction to nd small roots of a univariate modular polynomial equation. This led to rigorous polynomial attacks against RSA with low public exponent, in some particular settings such as encryption of stereotyped messages, random padding, or broadcast applications a la Hast ad. Theoretically, these are the most powerful know...
متن کاملKey-collisions in (EC)DSA: Attacking Non-repudiation
A new kind of attack on the non-repudiation property of digital signature schemes is presented. We introduce a notion of key-collisions, which may allow an attacker to claim that the message (presented to a judge) has been signed by someone else. We show how to compute keycollisions for the DSA and ECDSA signature schemes effectively. The main idea of these attacks has been inspired by the well...
متن کاملLattice Attacks on DSA Schemes Based on Lagrange's Algorithm
Using Lagrange’s algorithm for the computation of a basis of a 2-dimensional lattice formed by two successive minima, we present some attacks on DSA and ECDSA which permit us, under some assumptions, to compute the secret key of the scheme provided that one or two signed messages are given. MSC 2010: 94A60, 11T71, 11Y16.
متن کاملA Tool Kit for Partial Key Exposure Attacks on RSA
Thus far, partial key exposure attacks on RSA have been intensively studied using lattice based Coppersmith's methods. In the context, attackers are given partial information of a secret exponent and prime factors of (Multi-Prime) RSA where the partial information is exposed in various ways. Although these attack scenarios are worth studying, there are several known attacks whose constructions ...
متن کاملCoppersmith's lattices and "focus groups": an attack on small-exponent RSA
We present a principled technique for reducing the matrix size in some applications of Coppersmith’s lattice method for finding roots of modular polynomial equations. It relies on an analysis of the actual performance of Coppersmith’s attack for smaller parameter sizes, which can be thought of as “focus group” testing. When applied to the small-exponent RSA problem, it reduces lattice dimension...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Inf. Process. Lett.
دوره 116 شماره
صفحات -
تاریخ انتشار 2016