Bleichenbacher, D.Bosma, W.Lenstra, Arjen K.2010-06-242010-06-242010-06-24199510.1007/3-540-44750-4_31https://infoscience.epfl.ch/handle/20.500.14299/50999We review the well-known relation between Lucas sequences and exponentiation. This leads to the observation that certain public-key cryptosystems that are based on the use of Lucas sequences have some elementary properties their re-inventors were apparently not aware of. In particular, we present a chosen-message forgery for `LUC' [Smith, 1993] and [Smith and Lennon, 1993], and we show that `LUCELG' and `LUCDIF' [Smith, 1994] and [Smith and Skinner, 1994] are vulnerable to subexponential time attacks. This proves that various claims that were made about Lucas-based cryptosystems are incorrectbinary sequencescodespublic key cryptographytext::conference output::conference proceedings::conference paper