On the Security of RDSA

10 years 1 months ago
On the Security of RDSA
A variant of Schnorr’s signature scheme called RDSA has been proposed by I. Biehl, J. Buchmann, S. Hamdy and A. Meyer in order to be used in finite abelian groups of unknown order such as the class group of imaginary quadratic orders. We describe in this paper a total break of RDSA under a plain known-message attack for the parameters that were originally proposed. It recovers the secret signature key from the knowledge of less than 10 signatures of known messages, with a very low computational complexity. We also compare a repaired version of RDSA with GPS scheme, another Schnorr variant with similar properties and we show that GPS should be preferred for most of the applications. Keywords. Signature scheme, cryptanalysis, DSA variant, knownmessage attack, lattice reduction, GPS.
Pierre-Alain Fouque, Guillaume Poupard
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Authors Pierre-Alain Fouque, Guillaume Poupard
Comments (0)