The insecurity of the digital signature algorithm with partially known nonces (Q1849602): Difference between revisions

From MaRDI portal
Added link to MaRDI item.
RedirectionBot (talk | contribs)
Property / reviewed by
 
Property / reviewed by: Q189407 / rank
Normal rank
 

Revision as of 19:39, 22 February 2024

scientific article
Language Label Description Also known as
English
The insecurity of the digital signature algorithm with partially known nonces
scientific article

    Statements

    The insecurity of the digital signature algorithm with partially known nonces (English)
    0 references
    0 references
    0 references
    1 December 2002
    0 references
    The authors look at an attack on the Digital Signature Algorithm (DSA) which suggests cautionary use of pseudo-random generation of a nonce within DSA. In particular, they present a polynomial-time algorithm which recovers (provably) the signer's secret DSA key (under suitable and reasonable assumptions). Previous attacks were only heuristic, while this attack (which extends work of Boneh and Venkatesan) establishes uniformity statements on the DSA signatures. The efficiency of the attack has been verified experimentally.
    0 references
    cryptanalysis
    0 references
    DSA
    0 references
    lattices
    0 references
    LLL
    0 references
    closest vector problem
    0 references
    distribution
    0 references
    discrepancy
    0 references
    exponential sums
    0 references

    Identifiers