Paper 2015/1135

On the Security of the Schnorr Signature Scheme and DSA against Related-Key Attacks

Hiraku Morita, Jacob C. N. Schuldt, Takahiro Matsuda, Goichiro Hanaoka, and Tetsu Iwata

Abstract

In the ordinary security model for signature schemes, we consider an adversary that may forge a signature on a new message using only his knowledge of other valid message and signature pairs. To take into account side channel attacks such as tampering or fault-injection attacks, Bellare and Kohno (Eurocrypt 2003) formalized related-key attacks (RKA), where stronger adversaries are considered. In RKA for signature schemes, the adversary can also manipulate the signing key and obtain signatures for the modified key. This paper considers RKA security of two established signature schemes: the Schnorr signature scheme and (a well-known variant of) DSA. First, we show that these signature schemes are secure against a weak notion of RKA. Second, we demonstrate that, on the other hand, neither the Schnorr signature scheme nor DSA achieves the standard notion of RKA security, by showing concrete attacks on these. Lastly, we show that a slight modification of both the Schnorr signature scheme and (the considered variant of) DSA yields fully RKA secure schemes.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. ICISC 2015
Keywords
Related-key attacks, Schnorr signatures, DSA
Contact author(s)
h_morita @ echo nuee nagoya-u ac jp
jacob schuldt @ aist go jp
t-matsuda @ aist go jp
hanaoka-goichiro @ aist go jp
iwata @ cse nagoya-u ac jp
History
2015-11-26: received
Short URL
https://ia.cr/2015/1135
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/1135,
      author = {Hiraku Morita and Jacob C. N. Schuldt and Takahiro Matsuda and Goichiro Hanaoka and Tetsu Iwata},
      title = {On the Security of the Schnorr Signature Scheme and DSA against Related-Key Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1135},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/1135}},
      url = {https://eprint.iacr.org/2015/1135}
}