User impersonation in key certification schemes

In this note we exhibit some weakness in two key certification schemes. We show how a legitimate user can impersonate any other user in an ElGamal-based certification scheme, even if hashing is applied first. Furthermore, we show how anybody can impersonate users of the modular square root key certification scheme, if no hashing occurs before the certification. This shows that it is essential for this certification scheme to hash a message before signing it.


Published in:
Journal of Cryptology, 6, 4, 225 - 232
Year:
1993
ISSN:
09332790
Keywords:
Laboratories:




 Record created 2010-06-25, last modified 2018-01-28

External link:
Download fulltext
n/a
Rate this document:

Rate this document:
1
2
3
 
(Not yet reviewed)