Lattice attacks on digital signature schemes (Q5943686)

From MaRDI portal
Revision as of 23:44, 4 March 2024 by Import240304020342 (talk | contribs) (Set profile property.)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
scientific article; zbMATH DE number 1652562
Language Label Description Also known as
English
Lattice attacks on digital signature schemes
scientific article; zbMATH DE number 1652562

    Statements

    Lattice attacks on digital signature schemes (English)
    0 references
    0 references
    0 references
    4 November 2001
    0 references
    The authors assume that \(h\) messages \(mi\) are known and a few bits of the ephemeral keys \(yi\) are known. Thus there are \(h\) equations \[ mi-si yi + x ri = 0\pmod p, \] whereby the \(x\) and \(h\) \(yi\) are unknown. The authors show how to break the digital signature by the lattice method if small numbers of bits of many \(yi\) are known.
    0 references
    security
    0 references
    LLL algorithm
    0 references
    digital signature
    0 references
    lattice attack
    0 references
    DSA
    0 references
    ElGamal signature
    0 references
    cryptanalysis
    0 references

    Identifiers