Digital Signature Schemes with Domain Parameters: Yet Another Parameter Issue in ECDSA

Digital signature schemes often use domain parameters such as prime numbers or elliptic curves. They can be subject to security threats when they are not treated like public keys. In this paper we formalize the notion of “signature scheme with domain parameter” together with a new adversarial model: the “domain parameter shifting attack”.

[1]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[2]  Lisa O’Connor,et al.  American Bankers Association , 2000 .

[3]  Serge Vaudenay,et al.  Hidden Collisions on DSS , 1996, CRYPTO.

[4]  Serge Vaudenay The Security of DSA and ECDSA Bypassing the Standard Elliptic Curve Certification Scheme , 2002 .

[5]  William M. Daley,et al.  Digital Signature Standard (DSS) , 2000 .

[6]  Ueli Maurer,et al.  Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[7]  Neal Koblitz,et al.  CM-Curves with Good Cryptographic Properties , 1991, CRYPTO.

[8]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[9]  Serge Vaudenay,et al.  The Security of DSA and ECDSA , 2003, Public Key Cryptography.

[10]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[11]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[12]  Nigel P. Smart,et al.  The Discrete Logarithm Problem on Elliptic Curves of Trace One , 1999, Journal of Cryptology.

[13]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[14]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[15]  Ralph C. Merkle,et al.  Secure communications over insecure channels , 1978, CACM.

[16]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[17]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[18]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[19]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.

[20]  Alfred Menezes,et al.  Security of Signature Schemes in a Multi-User Setting , 2004, Des. Codes Cryptogr..

[21]  A. Taher Cryptography and logarithms over finite fields , 1984 .

[22]  Jean Monnerat Computation of the discrete logarithm on elliptic curves of trace one ? Tutorial , 2002 .

[23]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[24]  Yvo Desmedt Public Key Cryptography — PKC 2003 , 2002, Lecture Notes in Computer Science.

[25]  Daniel Bleichenbacher,et al.  Generating EIGamal Signatures Without Knowing the Secret Key , 1996, EUROCRYPT.

[26]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.