We explain how to forge public parameters for the Digital Signature Standard with two known messages which always produce the same set of valid signatures (what we call a collision). This attack is thwarted by using the generation algorithm suggested in the specifications of the Standard, so it proves one always need to check proper generation. We also present a similar attack when using this generation algorithm within a complexity 274, which is better than the birthday attack which seeks for collisions on the underlying hash function.
CITATION STYLE
Vaudenay, S. (1996). Hidden collisions on DSS. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1109, pp. 83–88). Springer Verlag. https://doi.org/10.1007/3-540-68697-5_7
Mendeley helps you to discover research relevant for your work.