Conference paper

Attacks on the birational permutation signature schemes

Shamir (1993) presented a family of cryptographic signature schemes based on birational permutations of the integers modulo a large integer N of unknown factorization. These schemes are attractive because of the low computational requirements, both for signature generation and signature verification. However, the two schemes presented in Shamir's paper are weak. We show how to break the first scheme, by first reducing it algebraically to the earlier Ong-Schnorr-Shamir signature scheme (1984), and then applying the Pollard (1987) solution to that scheme. We then show some attacks on the second scheme. These attacks give ideas which can be applied to schemes in this general family


    • LASEC-CONF-1994-001

    Record created on 2007-01-18, modified on 2016-08-08

Related material