×

zbMATH — the first resource for mathematics

Lattice attacks on digital signature schemes. (English) Zbl 1006.94022
The authors assume that \(h\) messages \(mi\) are known and a few bits of the ephemeral keys \(yi\) are known. Thus there are \(h\) equations \[ mi-si yi + x ri = 0\pmod p, \] whereby the \(x\) and \(h\) \(yi\) are unknown. The authors show how to break the digital signature by the lattice method if small numbers of bits of many \(yi\) are known.

MSC:
94A62 Authentication, digital signatures and secret sharing
94A60 Cryptography
PDF BibTeX XML Cite
Full Text: DOI