The insecurity of the digital signature algorithm with partially known nonces (Q1849602): Difference between revisions
From MaRDI portal
Created a new Item |
Set OpenAlex properties. |
||
(4 intermediate revisions by 3 users not shown) | |||
Property / reviewed by | |||
Property / reviewed by: Q189407 / rank | |||
Property / reviewed by | |||
Property / reviewed by: Richard A. Mollin / rank | |||
Normal rank | |||
Property / MaRDI profile type | |||
Property / MaRDI profile type: MaRDI publication profile / rank | |||
Normal rank | |||
Property / full work available at URL | |||
Property / full work available at URL: https://doi.org/10.1007/s00145-002-0021-3 / rank | |||
Normal rank | |||
Property / OpenAlex ID | |||
Property / OpenAlex ID: W2058546698 / rank | |||
Normal rank | |||
links / mardi / name | links / mardi / name | ||
Latest revision as of 01:11, 20 March 2024
scientific article
Language | Label | Description | Also known as |
---|---|---|---|
English | The insecurity of the digital signature algorithm with partially known nonces |
scientific article |
Statements
The insecurity of the digital signature algorithm with partially known nonces (English)
0 references
1 December 2002
0 references
The authors look at an attack on the Digital Signature Algorithm (DSA) which suggests cautionary use of pseudo-random generation of a nonce within DSA. In particular, they present a polynomial-time algorithm which recovers (provably) the signer's secret DSA key (under suitable and reasonable assumptions). Previous attacks were only heuristic, while this attack (which extends work of Boneh and Venkatesan) establishes uniformity statements on the DSA signatures. The efficiency of the attack has been verified experimentally.
0 references
cryptanalysis
0 references
DSA
0 references
lattices
0 references
LLL
0 references
closest vector problem
0 references
distribution
0 references
discrepancy
0 references
exponential sums
0 references