Hidden collisions on DSS

We explain how to forge public parameters for the Digital Signature Standard with two known messages which always produce the same set of valid signatures (what we call a collision). This attack is thwarted by using the generation algorithm suggested in the specifications of the standard, so it proves one always need to check proper generation. We also present a similar attack when using this generation algorithm within a complexity 2<sup>74</sup>, which is better than the birthday attack which seeks for collisions on the underlying hash function


Published in:
The 16th Annual International Cryptology Conference, Advances in Cryptology - CRYPTO'96, 1109, 83-88
Presented at:
The 16th Annual International Cryptology Conference, Advances in Cryptology - CRYPTO'96, Santa Barbara, CA, USA, August 18-22, 1996
Year:
1996
Laboratories:




 Record created 2007-01-18, last modified 2018-03-17

n/a:
Download fulltextPS
External link:
Download fulltextURL
Rate this document:

Rate this document:
1
2
3
 
(Not yet reviewed)