The insecurity of the digital signature algorithm with partially known nonces (Q1849602): Difference between revisions
From MaRDI portal
Set profile property. |
Set OpenAlex properties. |
||
| Property / full work available at URL | |||
| Property / full work available at URL: https://doi.org/10.1007/s00145-002-0021-3 / rank | |||
Normal rank | |||
| Property / OpenAlex ID | |||
| Property / OpenAlex ID: W2058546698 / rank | |||
Normal rank | |||
Latest revision as of 01:11, 20 March 2024
scientific article
| Language | Label | Description | Also known as |
|---|---|---|---|
| English | The insecurity of the digital signature algorithm with partially known nonces |
scientific article |
Statements
The insecurity of the digital signature algorithm with partially known nonces (English)
0 references
1 December 2002
0 references
The authors look at an attack on the Digital Signature Algorithm (DSA) which suggests cautionary use of pseudo-random generation of a nonce within DSA. In particular, they present a polynomial-time algorithm which recovers (provably) the signer's secret DSA key (under suitable and reasonable assumptions). Previous attacks were only heuristic, while this attack (which extends work of Boneh and Venkatesan) establishes uniformity statements on the DSA signatures. The efficiency of the attack has been verified experimentally.
0 references
cryptanalysis
0 references
DSA
0 references
lattices
0 references
LLL
0 references
closest vector problem
0 references
distribution
0 references
discrepancy
0 references
exponential sums
0 references
