Abstract. We introduce an attack against the ISO/IEC 9796–1 digital signature scheme using redundancy, taking advantage of the multiplicative property of the RSA and Rabin cryptosystems. The forged signature of 1 message is obtained from the signature of 3 others for any public exponent v. For even v, the modulus is factored from the signature of 4 messages, or just 2 for v = 2. The attacker must select the above messages from a particular message subset, whose size grows exponentially with the public modulus bit size. The attack is computationally inexpensive, and works for any modulus of 16z, 16z ± 1, or 16z ± 2 bits. This prompts the need to revise ISO/IEC 9796–1, or avoid its use in situations where an adversary could obtain the signature...
digital signatures, lattices * Internal Accession Date Only © Copyright Hewlett-Packard Company 1999...
This paper presents a novel hardware attack against RSA-based authentication of programs. Like the s...
Let us consider a system in which a group of entities have all the same encryption exponent e, but, e...
Abstract. At Crypto ’85, Desmedt and Odlyzko described a chosen-ciphertext attack against plain RSA ...
In 1999, Coron, Naccache and Stern discovered an existential signature forgery for two ...
Abstract. Fault attacks exploit hardware malfunctions or induce them to recover secret keys embedded...
Efficient implementations of RSA on computationally limited devices, such as s...
Seifert recently described a new fault attack against an implementation of RSA signature verificatio...
Fault attacks exploit hardware malfunctions to recover secrets from embedded electronic...
ABSTRACT: Public-key signature systems can be vulnerable to attack if the protocols for signing mess...
In CHES 2009, Coron, Joux, Kizhvatov, Naccache and Paillier (CJKNP) introduced the multiple fault at...
Abstract. This paper presents three new attacks on the RSA cryptosystem. The first two attacks work...
We present a theoretical model for breaking various cryptographic schemes by taking advantage of ran...
Abstract: The security of the Rivest-Shamir-Adleman (RSA) public key algorithm depends on the diffic...
ISO/IEC 9797-1 is an international standard for block-cipher-based Message Authentication Code (MAC)...