**On the Big Gap Between $|p|$ and $|q|$ in DSA**

*Zhengjun Cao*

**Abstract: **We introduce a message attack against DSA and show that the security of DSA is indeed reduced to the following problem, i.e., find $\theta\in \mathbb{Z}_q^*$ such that\\
\centerline{$z=(\hat g^{\theta} \,\mbox{mod}\, p)\, \mbox{mod}\, q $}\\
where $\mbox{Ord}_p(\hat g)=q$ and
$z\in \mathbb{Z}_q^*$ is randomly chosen by the adversary.
Compared with the common key-only attack, i.e., find $x\in \mathbb{Z}_q^*$ such that\\
\centerline{$ y= g^x \,\mbox{mod}\, p$}\\ the message attack is more effective because of the big gap between
$|p|$ (1024-bit) and $|q|$ (160-bit).

**Category / Keywords: **DSA, Schnorr's signature, message attack

**Date: **received 15 Aug 2007, last revised 16 Aug 2007

**Contact author: **caozhj at shu edu cn

**Available format(s): **PDF | BibTeX Citation

**Version: **20070816:122127 (All versions of this report)

**Short URL: **ia.cr/2007/320

[ Cryptology ePrint archive ]