Conference paper

Hidden collisions on DSS

We explain how to forge public parameters for the Digital Signature Standard with two known messages which always produce the same set of valid signatures (what we call a collision). This attack is thwarted by using the generation algorithm suggested in the specifications of the standard, so it proves one always need to check proper generation. We also present a similar attack when using this generation algorithm within a complexity 274, which is better than the birthday attack which seeks for collisions on the underlying hash function

Related material