The insecurity of the digital signature algorithm with partially known nonces (Q1849602): Difference between revisions
From MaRDI portal
Removed claim: reviewed by (P1447): Item:Q1231964 (Richard A. Mollin), normal rank
Changed an Item
Revision as of 19:39, 22 February 2024
scientific article
Language | Label | Description | Also known as
---|---|---|---
English | The insecurity of the digital signature algorithm with partially known nonces | scientific article | 
Statements
The insecurity of the digital signature algorithm with partially known nonces (English)
1 December 2002
The authors look at an attack on the Digital Signature Algorithm (DSA) which argues for caution in the pseudo-random generation of the nonce within DSA. In particular, they present a polynomial-time algorithm which provably recovers the signer's secret DSA key (under suitable and reasonable assumptions). Previous attacks were only heuristic, while this attack (which extends work of Boneh and Venkatesan) establishes uniformity statements on the DSA signatures. The efficiency of the attack has been verified experimentally.
cryptanalysis
DSA
lattices
LLL
closest vector problem
distribution
discrepancy
exponential sums