Common Modulus and Chosen-Message Attacks on Public-Key Schemes with Linear Recurrence Relations
نویسنده
چکیده
We consider the linear recurrence relation Vt (x)=∑mi=1(aix+bi )Vt−i(x)+ cx+f wherem> 1, ai and bi , 16 i 6m, are integers. The RSA and LUC schemes can be defined by this relation. In this paper we show that if the linear recurrence relation has some properties, the public-key scheme based on it cannot withstand the common modulus and chosen-message attacks, no matter what the order m is and what the parameters for ai and bi , 16 i 6m, are. This implies that the LUC cryptosystem cannot withstand the common modulus attack and the LUC digital signature scheme cannot withstand the chosen-message attack. 1999 Elsevier Science B.V. All rights reserved.
منابع مشابه
An efficient certificateless signcryption scheme in the standard model
Certificateless public key cryptography (CL-PKC) is a useful method in order to solve the problems of traditional public key infrastructure (i.e., large amount of computation, storage and communication costs for managing certificates) and ID-based public key cryptography (i.e., key escrow problem), simultaneously. A signcryption scheme is an important primitive in cryptographic protocols which ...
متن کاملPublic-Key Encryption Resilient to Linear Related-Key Attacks
In this paper, we consider the security of public-key encryption schemes under linear related-key attacks, where an adversary is allowed to tamper the private key stored in a hardware device, and subsequently observe the outcome of a public-key encryption system under this modified private key. Following the existing work done in recent years, we define the security model for related-key attack...
متن کاملRelated Message Attacks to Public Key Encryption Schemes: Relations among Security Notions
Consider a scenario in which an adversary, attacking a certain public key encryption scheme, gains knowledge of several ciphertexts which underlying plaintext are meaningfully related with a given target ciphertext. This kind of related message attack has been proved successful against several public key encryption schemes; widely known is the Franklin-Reiter attack to RSA with low exponent and...
متن کاملAnonymous Signcryption against Linear Related-Key Attacks
A related-key attack (RKA) occurs when an adversary tampers the private key stored in a cryptographic hardware device and observes the result of the cryptographic primitive under this modified private key. In this paper, we concentrate on the security of anonymous signcryption schemes under related-key attacks, in the sense that a signcryption system should contain no information that identifie...
متن کاملRelations among Privacy Notions for Signcryption and Key Invisible "Sign-then-Encrypt"
Signcryption simultaneously offers authentication through unforgeability and confidentiality through indistinguishability against chosen ciphertext attacks by combining the functionality of digital signatures and public-key encryption into a single operation. Libert and Quisquater (PKC 2004) extended this set of basic requirements with the notions of ciphertext anonymity (or key privacy) and ke...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Inf. Process. Lett.
دوره 70 شماره
صفحات -
تاریخ انتشار 1999