On the Security of Some Variants of the RSA Signature Scheme

We describe adaptive attacks on several variants of the RSA signature scheme by de Jonge and Chaum. Moreover, we show how to break Boyd’s scheme with an adaptive, a directed and a known signature attack. The feasibility of the adaptive attack on Boyd’s scheme is illustrated by a concrete example.

[1] Johan Håstad, et al. On Using RSA with Low Exponent in a Public Key Network, 1985, CRYPTO.

[2] John M. DeLaurentis, et al. A Further Weakness in the Common Modulus Protocol for the RSA Cryptoalgorithm, 1984, Cryptologia.

[3] Bart Preneel, et al. RIPEMD-160: A Strengthened Version of RIPEMD, 1996, FSE.

[4] Hugh C. Williams, et al. A modification of the RSA public-key encryption procedure (Corresp.), 1980, IEEE Trans. Inf. Theory.

[5] Daniel Bleichenbacher. On the Security of the KMOV Public Key Cryptosystem, 1997, CRYPTO.

[6] N. Demytko, et al. A New Elliptic Curve Based Analogue of RSA, 1994, EUROCRYPT.

[7] David Chaum, et al. Some Variations on RSA Signatures and Their Security, 1986, CRYPTO.

[8] David Chaum, et al. Security without identification: transaction systems to make big brother obsolete, 1985, CACM.

[9] Chae Hoon Lim, et al. Cryptanalysis in Prime Order Subgroups of Z*n, 1998, ASIACRYPT.

[10] Arjen K. Lenstra, et al. Some Remarks on Lucas-Based Cryptosystems, 1995, CRYPTO.

[11] M. Rabin. Digitalized Signatures and Public-Key Functions as Intractable as Factorization, 1979.

[12] Adi Shamir, et al. A method for obtaining digital signatures and public-key cryptosystems, 1978, CACM.

[13] J. Pollard. A Monte Carlo method for factorization, 1975.

[14] Silvio Micali, et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks, 1988, SIAM J. Comput.

[15] Marc Joye, et al. A new and optimal chosen-message attack on RSA-type cryptosystems, 1997, ICICS.

[16] Colin Boyd. Digital signature and public key cryptosystems in a prime order subgroup of Zn*, 1997, ICICS.