Insecure primitive elements in an ElGamal signature protocol

Abstract

Consider the classical ElGamal digital signature scheme based on the modular relation $\alpha^m \equiv y^r\, r^s\ [p]$. In this work, we prove that if we can compute a natural integer $i$ such that $\alpha^i \bmod p$ is smooth and divides $p-1$, then it is possible to sign any given document without knowing the secret key. Therefore we extend and reinforce Bleichenbacher's attack presented at Eurocrypt'96.
