Generating Elgamal Signatures without Knowing the Secret Key ? ??
نویسنده
چکیده
We present a new method to forge ElGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby not found this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem.
منابع مشابه
Generating EIGamal Signatures Without Knowing the Secret Key
We present a new method to forge ElGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby not found this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem.
متن کاملInsecure primitive elements in an ElGamal signature protocol
Consider the classical ElGamal digital signature scheme based on the modular relation α ≡ y r [p]. In this work, we prove that if we can compute a natural integer i such that α mod p is smooth and divides p − 1, then it is possible to sign any given document without knowing the secret key. Therefore we extend and reinforce Bleichenbacher’s attack presented at Eurocrypt’96.
متن کاملFault Attacks on Public Key Elements: Application to DLP-Based Schemes
Many cryptosystems suffer from fault attacks when implemented in physical devices such as smart cards. Fault attacks on secret key elements have successfully targeted many protocols relying on the Elliptic Curve Discrete Logarithm Problem (ECDLP), the Integer Factorization Problem (IFP) or the Discrete Logarithm Problem (DLP). More recently, faults attacks have also been designed against the pu...
متن کاملA New Version of ElGamal Signature Scheme
In the original ElGamal signature scheme and it’s variants, two secret integers-private key and one-time secret key are required to produce a signature on a message, m. The private key of a system will be used throughout the life of the system whereas the one-time secret key only be used once and must be regenerated (different one-time secret key) when signing different message. This paper intr...
متن کاملWhy Textbook ElGamal and RSA Encryption Are Insecure
We present an attack on plain ElGamal and plain RSA encryption. The attack shows that without proper preprocessing of the plaintexts, both ElGamal and RSA encryption are fundamentally insecure. Namely, when one uses these systems to encrypt a (short) secret key of a symmetric cipher it is often possible to recover the secret key from the ciphertext. Our results demonstrate that preprocessing me...
متن کامل