Abstract
We describe a lattice attack on the Digital Signature Algorithm (DSA) when used to sign many messages, m_i, under the assumption that a proportion of the bits of each of the associated ephemeral keys, y_i, can be recovered by alternative techniques.
Cite this article
Howgrave-Graham, N.A., Smart, N.P. Lattice Attacks on Digital Signature Schemes. Designs, Codes and Cryptography 23, 283–290 (2001). https://doi.org/10.1023/A:1011214926272
DOI: https://doi.org/10.1023/A:1011214926272