In this paper, it is shown that the Schnorr scheme with preprocessing as proposed in [4] leaks too much information. An attack based on this information leakage is presented that retrieves the secret key. The complexity of this attack is upper bounded by 2k • k3(d - 2) steps, and the expected required number of signatures is lew than 2k • (k/2)d-2, where k is a security parameter. This complexity is significantly lower than the kk(d - 2)steps, conjectured in [4]. For example, for the security parameters that are proposed in [4], the secret key can on average be found in 237, 5 steps, instead of in 272 steps. This shows that it is inevitable to either modify the preprocessing algorithm, or choose the values of the security parameters larger than proposed in [4]. Finally, we briefly discuss the possibility of averting the proposed attack by modifying the preprocessing algorithm.
CITATION STYLE
de Rooij, P. (1991). On the security of the schnorr scheme using preprocessing. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 547 LNCS, pp. 71–80). Springer Verlag. https://doi.org/10.1007/3-540-46416-6_6
Mendeley helps you to discover research relevant for your work.