Cryptanalysis of Countermeasures Proposed for Repairing ISO 9796-1

ISO 9796-1, published in 1991, was the first standard specifying a digital signature scheme with message recovery. In [4], Coron, Naccache and Stern described an attack on a slight modification of ISO 9796-1. Then, Coppersmith, Halevi and Jutla turned it into an attack against the standard in full [2]. They also proposed five countermeasures for repairing it. In this paper, we show that all these countermeasures can be attacked, either by using already existing techniques (including a very recent one), or by introducing new techniques, one of them based on the decomposition of an integer into sums of two squares.

[1] François Grieu. A Chosen Messages Attack on the ISO/IEC 9796-1 Signature Scheme, 2000, EUROCRYPT.

[2] Henri Cohen, et al. A course in computational algebraic number theory, 1993, Graduate texts in mathematics.

[3] Jean-François Misarsky, et al. How (not) to Design RSA Signature Schemes, 1998, Public Key Cryptography.

[4] F. Morain, et al. On Cornacchia’s algorithm for solving the diophantine equation, 1990.

[5] Burton S. Kaliski. Advances in Cryptology - CRYPTO '97, 1997.

[6] Carl Friedrich Gauß. Carl Friedrich Gauss' Untersuchungen über höhere Arithmetik. (Disquisitiones arithmeticae. Theorematis arithmetici demonstratio nova. Summatio quarundam serierum singularium ó. ). Deutsch hrsg. von H. Mas, 1889.

[7] Jean-Jacques Quisquater, et al. Precautions Taken Against Various Potential Attacks in ISO/IEC DIS 9796 "Digital Signature Scheme Giving Message Recovery", 1990, EUROCRYPT.

[8] Michael Wiener, et al. Advances in Cryptology — CRYPTO ’99, 1999.

[9] Jean-François Misarsky, et al. A Multiplicative Attack Using LLL Algorithm on RSA Signatures with Redundancy, 1997, CRYPTO.

[10] Ivan Bjerre Damgård, et al. Advances in Cryptology — EUROCRYPT ’90, 2001, Lecture Notes in Computer Science.

[11] Shai Halevi, et al. ISO 9796-1 and the new forgery strategy, 1999.

[12] David Chaum, et al. Attacks on Some RSA Signatures, 1985, CRYPTO.

[13] Jean-Sébastien Coron, et al. On the Security of RSA Padding, 1999, CRYPTO.

[14] Marc Girault, et al. Selective Forgery of RSA Signatures Using Redundancy, 1997, EUROCRYPT.

[15] Françoise Morain. Courbes elliptiques et tests de primalité, 1990.