zbMATH — the first resource for mathematics

Practical key recovery for discrete-logarithm based authentication schemes from random nonce bits. (English) Zbl 1380.94137
Güneysu, Tim (ed.) et al., Cryptographic hardware and embedded systems – CHES 2015. 17th international workshop, Saint-Malo, France, September 13–16, 2015. Proceedings. Berlin: Springer (ISBN 978-3-662-48323-7/pbk; 978-3-662-48324-4/ebook). Lecture Notes in Computer Science 9293, 287-306 (2015).
Summary: We propose statistical cryptanalysis of discrete-logarithm based authentication schemes such as Schnorr identification scheme or Girault-Poupard-Stern identification and signature schemes. We consider two scenarios where an adversary is given some information on the nonces used during the signature generation process or during some identification sessions. In the first scenario, we assume that some bits of the nonces are known exactly by the adversary, while no information is provided about the other bits. We show, for instance, that the GPS scheme with 128-bit security can be broken using only 710 signatures assuming that the adversary knows (on average) one bit per nonce. In the second scenario, we assume that all bits of the nonces are obtained from the correct ones by independent bit flipping with some small probability. A detailed heuristic analysis is provided, supported by extensive experiments.
For the entire collection see [Zbl 1343.68011].

94A62 Authentication, digital signatures and secret sharing
94A60 Cryptography
Full Text: DOI