Skip to main content
Journal ArticleOPEN ACCESS

Attacking DSA under a repeated bits assumption

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2004) 3156 428-440
DOI: 10.1007/978-3-540-28632-5_31
13Citations
Citations of this article
37Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

We discuss how to recover the private key for DSA style signature schemes if partial information about the ephemeral keys is revealed. The partial information we examine is of a second order nature that allows the attacker to know whether certain bits of the ephemeral key are equal, without actually knowing their values. Therefore, we extend the work of Howgrave-Graham, Smart, Nguyen and Shparlinski who, in contrast, examine the case where the attacker knows the actual value of such bits. We also discuss how such partial information leakage could occur in a real life scenario. Indeed, the type of leakage envisaged by our attack would appear to be feasible than that considered in the prior work. © International Association for Cryptologic Research 2004.

Cite

CITATION STYLE

APA

Leadbitter, P. J., Page, D., & Smart, N. P. (2004). Attacking DSA under a repeated bits assumption. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3156, 428–440. https://doi.org/10.1007/978-3-540-28632-5_31

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free