Abstract
This paper describes a powerful attack on a verifiably committed signature scheme based on GPS and RSA proposed in Financial Cryptography 2001. Given any partial signature, the attacker can extract the corresponding full signature. The attack works provided the attacker previously obtained a full signature of a special form, which can be done simply by eavesdropping a very small number of full signatures. For example, with the originally recommended parameters choice, 66% of the signatures are of this form. As a consequence, two "fair" protocols using this primitive do not satisfy the fairness property. Of independent interest, our attack shows that special attention should be paid when building cryptographic protocols from GPS and RSA. © Springer-Verlag 2004.
Author supplied keywords
Cite
CITATION STYLE
Cathalo, J., Libert, B., Quisquater, J. J., Signatures, V. C., & Exchange, O. F. (2004). Cryptanalysis of a verifiably committed signature scheme based on gps and rsa. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3225, 52–60. https://doi.org/10.1007/978-3-540-30144-8_5
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
