On the Security of RDSA

13 years 9 months ago

Download www.ssi.gouv.fr

A variant of Schnorr’s signature scheme called RDSA has been proposed by I. Biehl, J. Buchmann, S. Hamdy and A. Meyer in order to be used in ﬁnite abelian groups of unknown order such as the class group of imaginary quadratic orders. We describe in this paper a total break of RDSA under a plain known-message attack for the parameters that were originally proposed. It recovers the secret signature key from the knowledge of less than 10 signatures of known messages, with a very low computational complexity. We also compare a repaired version of RDSA with GPS scheme, another Schnorr variant with similar properties and we show that GPS should be preferred for most of the applications. Keywords. Signature scheme, cryptanalysis, DSA variant, knownmessage attack, lattice reduction, GPS.

Pierre-Alain Fouque, Guillaume Poupard

Real-time Traffic

Cryptography | EUROCRYPT 2003 | Imaginary Quadratic Orders | Schnorr’s Signature Scheme | Signature Scheme |

claim paper

Post Info
More Details (n/a)

Added	06 Jul 2010
Updated	06 Jul 2010
Type	Conference
Year	2003
Where	EUROCRYPT
Authors	Pierre-Alain Fouque, Guillaume Poupard

Comments (0)

Sciweavers

On the Security of RDSA

Cryptography | EUROCRYPT 2003 | Imaginary Quadratic Orders | Schnorr’s Signature Scheme | Signature Scheme |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers