The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces

Designs, Codes, and Cryptography

Volumn 30, Issue 2, 2003, Pages 201-217

  Nguyen, Phong Q ^a   Shparlinski, Igor E ^b  

^a Departement d'Informatique   (France)

^b MACQUARIE UNIVERSITY   (Australia)

Author keywords

Closest vector problem; Cryptanalysis; Discrepancy; Distribution; ECDSA; Elliptic curves; Exponential sums; Lattices; LLL

Indexed keywords

ALGORITHMS; POLYNOMIALS; VECTORS;

CRYPTANALYSIS;

ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS;

EID: 0141889703     PISSN: 09251022     EISSN: None     Source Type: Journal    
DOI: 10.1023/A:1025436905711     Document Type: Article

References (31)

1. M. Ajtai, R. Kumar and D. Sivakumar, A sieve algorithm for the shortest lattice vector problem, In Proc. 33rd ACM Symp. on Theory of Computation (STOC'2001), Crete (2001) pp. 601-610.
2. L. Babai, On Lovász lattice reduction and the nearest lattice point problem, Combinatorica, Vol. 6 (1986) pp. 1-13.
3. M. Bellare, S. Goldwasser and D. Micciancio, "Pseudo-random" number generation within cryptographic algorithms: The DSS case, In Proc. of Crypto '97, volume 1294 of LNCS. IACR, Springer-Verlag (1997) pp. 277-291.
4. D. Bleichenbacher, On the generation of DSS one-time keys. Manuscript. The result was presented at the Monteverita workshop in March 2001, February 2001.
5. D. Boneh and R. Venkatesan, Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes, In Proc. of Crypto '96, volume 1109 of LNCS. IACR, Springer-Verlag (1996).
6. D. Boneh and R. Venkatesan, Rounding in lattices and its cryptographic applications, In Proc. of the 8th Symposium on Discrete Algorithms, ACM (1997) pp. 675-681.
7. D. R. L. Brown, The exact security of ECDSA. Technical report, Department of Combinatorics and Optimization, University of Waterloo (2000) CORR 2000-54.
8. M. Drmota and R. Tichy, Sequences, discrepancies and applications. Springer-Verlag, Berlin, 1997.
9. E. El Mahassni, P. Q. Nguyen and I. E. Shparlinski, The insecurity of Nyberg-Rueppel and other DSA-like signature schemes with partially known nonce, In Proc. Workshop on Cryptography and Lattices (CALC '01), volume 2146 of LNCS, Springer-Verlag (2001) pp. 97-109.
10. M. I. González Vasco and I. E. Shparlinski, On the security of Diffie-Hellman bits, In (K.-Y. Lam, I. E. Shparlinski, H. Wang and C. Xing eds.), Proc. Workshop on Cryptography and Computational Number Theory (CCNT'99), Singapore, Birkhäuser (2001) pp. 257-268.
11. M. I. González Vasco and I. E. Shparlinski, Security of the most significant bits of the Shamir message passing scheme, Math. Comp., Vol. 71 (2002) pp. 333-342.
12. N. A. Howgrave-Graham and N. P. Smart, Lattice attacks on digital signature schemes, Design, Codes and Cryptography, Vol. 23 (2001) pp. 283-290.
13. D. Johnson, A. J. Menezes and S. A. Vanstone, The elliptic curve digital signature algorithm (ECDSA), Intern. J. of Information Security, Vol. 1 (2001) pp. 36-63.
14. N. Koblitz, An elliptic curve implementation of the finite field digital signature algorithm, In Proc. of Crypto '98, volume 1462 of LNCS, IACR, Springer-Verlag (1998) pp. 327-337.
15. N. Koblitz, A. J. Menezes and S. A. Vanstone, The state of elliptic curve cryptography, Designs, Codes and Cryptography, Vol. 19 (1994) pp. 173-193.
16. D. Kohel and I. E. Shparlinski, Exponential sums and group generators for elliptic curves over finite fields, In Algorithmic Number Theory - Proc. of ANTS-IV, volume 1838 of LNCS, Springer-Verlag (2000) pp. 395-404.
17. S. V. Konyagin and I. E. Shparlinski, Character sums with exponential functions and their applications, Cambridge University Press, Cambridge (1999).
18. R. Kuipers and H. Niederreiter, Uniform Distribution of Sequences, Wiley-Interscience, NY (1974).
19. A. K. Lenstra, H. W. Lenstra, Jr. and L. Lovász, Factoring polynomials with rational coefficients, Mathematische Ann., Vol. 261 (1982) pp. 513-534.
20. A. Menezes, P. Van Oorschot and S. Vanstone, Handbook of Applied Cryptography, CRC Press (1997).
21. C. J. Moreno and O. Moreno, Exponential sums and Goppa codes, I. Proc. Amer. Math. Soc., Vol. 111 (1991) pp. 523-531.
22. National Institute of Standards and Technology (NIST), FIPS Publication 186: Digital Signature Standard, May (1994).
23. P. Q. Nguyen, The dark side of the hidden number problem: Lattice attacks on DSA, In (K.-Y. Lam, I. E. Shparlinski, H. Wang and C. Xing, eds.), Proc. Workshop on Cryptography and Computational Number Theory (CCNT'99), Singapore, Birkhäuser (2001) pp. 321-330.
24. P. Q. Nguyen and I. E. Shparlinski, The insecurity of the Digital Signature Algorithm with partially known nonces, J. Cryptology, Vol. 15 (2002) pp. 151-176.
25. P. Q. Nguyen and J. Stern, Lattice reduction in cryptology: An update, In Algorithmic Number Theory - Proc. of ANTS-IV, volume 1838 of LNCS, Springer-Verlag (2000) pp. 85-112.
26. P. Q. Nguyen and J. Stern, The two faces of lattices in cryptology, In Proc. Workshop on Cryptography and Lattices (CALC '01), volume 2146 of LNCS, Springer-Verlag (2001) pp. 146-180.
27. H. Niederreiter, Quasi-Monte Carlo methods and Pseudo-random numbers, Bull. Amer. Math. Soc., Vol. 84 (1978) pp. 957-1041.
28. H. Niederreiter, Random Number Generation and Quasi-Monte Carlo Methods, volume 63, SIAM, Philadelphia, 1992, CBMS-NSF Regional Conference Series in Applied Mathematics.
29. J. H. Silverman, The Arithmetic of Elliptic Curves, Springer-Verlag (1995)
30. D. R. Stinson, Cryptography: Theory and Practice, CRC Press (1995).
31. I. M. Vinogradov, Elements of Number Theory, Dover Publ., New York (1954).