Lattice attacks on digital signature schemes (Q5943686)
From MaRDI portal
scientific article; zbMATH DE number 1652562
| Language | Label | Description | Also known as |
|---|---|---|---|
| English | Lattice attacks on digital signature schemes |
scientific article; zbMATH DE number 1652562 |
Statements
Lattice attacks on digital signature schemes (English)
0 references
4 November 2001
0 references
The authors assume that \(h\) messages \(mi\) are known and a few bits of the ephemeral keys \(yi\) are known. Thus there are \(h\) equations \[ mi-si yi + x ri = 0\pmod p, \] whereby the \(x\) and \(h\) \(yi\) are unknown. The authors show how to break the digital signature by the lattice method if small numbers of bits of many \(yi\) are known.
0 references
security
0 references
LLL algorithm
0 references
digital signature
0 references
lattice attack
0 references
DSA
0 references
ElGamal signature
0 references
cryptanalysis
0 references
