Skip to main content
Conference ProceedingsOPEN ACCESS

A chosen messages attack on the ISO/IEC 9796–1 signature scheme

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2000) 1807 70-80
DOI: 10.1007/3-540-45539-6_5
5Citations
Citations of this article
32Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

We introduce an attack against the ISO/IEC 9796–1 digital signature scheme using redundancy, taking advantage of the multiplicative property of the RSA and Rabin cryptosystems. The forged signature of 1 message is obtained from the signature of 3 others for any public exponent v. For even v, the modulus is factored from the signature of 4 messages, or just 2 for v = 2. The attacker must select the above messages from a particular message subset, which size grows exponentialy with the public modulus bit size. The attack is computationally inexpensive, and works for any modulus of 16z, 16z ± 1, or 16z ± 2 bits. This prompts the need to revise ISO/IEC 9796–1, or avoid its use in situations where an adversary could obtain the signature of even a few mostly chosen messages.

Cite

CITATION STYLE

APA

Grieu, F. (2000). A chosen messages attack on the ISO/IEC 9796–1 signature scheme. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1807, pp. 70–80). Springer Verlag. https://doi.org/10.1007/3-540-45539-6_5

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free