Paper 2007/320

On the Big Gap Between $|p|$ and $|q|$ in DSA

Zhengjun Cao

Abstract

We introduce a message attack against DSA and show that the security of DSA is indeed reduced to the following problem, i.e., find $\theta\in \mathbb{Z}_q^*$ such that\\ \centerline{$z=(\hat g^{\theta} \,\mbox{mod}\, p)\, \mbox{mod}\, q $}\\ where $\mbox{Ord}_p(\hat g)=q$ and $z\in \mathbb{Z}_q^*$ is randomly chosen by the adversary. Compared with the common key-only attack, i.e., find $x\in \mathbb{Z}_q^*$ such that\\ \centerline{$ y= g^x \,\mbox{mod}\, p$}\\ the message attack is more effective because of the big gap between $|p|$ (1024-bit) and $|q|$ (160-bit).

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
DSASchnorr's signaturemessage attack
Contact author(s)
caozhj @ shu edu cn
History
2007-08-16: received
Short URL
https://ia.cr/2007/320
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2007/320,
      author = {Zhengjun Cao},
      title = {On the Big Gap   Between $|p|$ and $|q|$ in DSA},
      howpublished = {Cryptology ePrint Archive, Paper 2007/320},
      year = {2007},
      note = {\url{https://eprint.iacr.org/2007/320}},
      url = {https://eprint.iacr.org/2007/320}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.