The security of the birational permutation signature schemes

被引：20

作者：

Coppersmith, D ^{[1
]}

Stern, J ^{[1
]}

Vaudenay, S ^{[1
]}

机构：

[1] ECOLE NORMALE SUPER, LAB INFORMAT, F-75230 PARIS, FRANCE

来源：

JOURNAL OF CRYPTOLOGY | 1997年 / 10卷 / 03期

关键词：

signature schemes; cryptanalysis; birational transformations;

D O I：

10.1007/s001459900028

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

In recent years, researchers have invested a lot of effort in trying to design suitable alternatives to the RSA signature scheme, with lower computational requirements. The idea of using polynomial equations of low degree in several unknowns, with some hidden trap-door, has been particularly attractive. One of the most noticeable attempts to push this idea forward is the Ong-Schnorr-Shamir signature scheme, which has been broken by Pollard and Schnorr. At Crypto '93, Shamir proposed a family of cryptographic signature schemes based on a new method. His design made subtle use of birational permutations over the set of k-tuples of integers module a large number N of unknown factorization. However, the schemes presented in Shamir's paper are weak. In the present paper, we describe several attacks which can be applied to schemes in this general family.

引用

页码：207 / 221

页数：15

共 10 条

[1]

COPPERSMITH D, 1994, LECT NOTES COMPUTER, V773, P587

[2]

Czapor S., 1992, ALGORITHMS COMPUTER

[3]

Lang Serge, 1984, Algebra

[4]

MATSUMOTO T, 1988, LECT NOTES COMPUTER, V330, P419

[5]

ONG H, 1984, 16TH P ACM S THEOR C, P208

[6]

Patarin J, 1995, LECT NOTES COMPUT SC, V963, P248

[7] AN EFFICIENT SOLUTION OF THE CONGRUENCE X2+KY2=M(MOD N) [J].

POLLARD, JM ;

SCHNORR, CP .

IEEE TRANSACTIONS ON INFORMATION THEORY, 1987, 33 (05) :702-709

[8]

RIVEST RL, 1978, COMMUN ACM, V21, P120, DOI [10.1145/359340.359342, 10.1145/357980.358017]

[9]

SHAMIR A, 1994, LECT NOTES COMPUTER, V773, P1

[10]

Theobald T, 1995, LECT NOTES COMPUT SC, V963, P136

← 1 →