The Newton Channel

Simmons asked whether there exists a signature scheme with a broadband covert channel that does not require the sender to compromise the security of her signing key. We answer this question in the affirmative; the ElGamal signature scheme has such a channel. Thus, contrary to popular belief, the design of the DSA does not maximise the covert utility of its signatures, but minimises them. Our construction also shows that many discrete log based systems are insecure: they operate in more than one group at a time, and key material may leak through those groups in which discrete log is easy. However, the DSA is not vulnerable in this way.

Published in:
the First International Workshop on Information Hiding, 1174, 151-156
Presented at:
the First International Workshop on Information Hiding, Cambridge, UK

 Record created 2007-01-19, last modified 2018-03-17

Download fulltextPS
External link:
Download fulltextURL
Rate this document:

Rate this document:
(Not yet reviewed)