Skip to main content
Journal ArticleOPEN ACCESS

On the security of RDSA

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2003) 2656 462-476
DOI: 10.1007/3-540-39200-9_29
2Citations
Citations of this article
32Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

A variant of Schnorr's signature scheme called RDSA has been proposed by I. Biehl, J. Buchmann, S. Hamdy and A. Meyer in order to be used in finite abelian groups of unknown order such as the class group of imaginary quadratic orders. We describe in this paper a total break of RDSA under a plain known-message attack for the parameters that were originally proposed. It recovers the secret signature key from the knowledge of less than 10 signatures of known messages, with a very low computational complexity. We also compare a repaired version of RDSA with GPS scheme, another Schnorr variant with similar properties and we show that GPS should be preferred for most of the applications. © Springer-Verlag Berlin Heidelberg 2003.

Author supplied keywords

Cite

CITATION STYLE

APA

Fouque, P. A., & Poupard, G. (2003). On the security of RDSA. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2656, 462–476. https://doi.org/10.1007/3-540-39200-9_29

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free