Cryptanalysis of ISO/IEC 9796-1

D. Coppersmith; J.S. Coron; F. Grieu; S. Halevi; C. Jutla; D. Naccache; J.P. Stern

doi:10.1007/s00145-007-9007-5

Journal of Cryptology

Paper

05 Sep 2007

Cryptanalysis of ISO/IEC 9796-1

Download paper

Abstract

We describe two different attacks against the ISO/IEC 9796-1 signature standard for RSA and Rabin. Both attacks consist in an existential forgery under a chosen-message attack: the attacker asks for the signature of some messages of his choice, and is then able to produce the signature of a message that was never signed by the legitimate signer. The first attack is a variant of Desmedt and Odlyzko's attack and requires a few hundreds of signatures. The second attack is more powerful and requires only three signatures. © 2007 International Association for Cryptologic Research.

Conference paper

Cryptanalysis of ISO/IEC 9796-1

Abstract

Related

CertRL: Formalizing convergence proofs for value and policy iteration in Coq

Multi-Structural Games and Number of Quantifiers

Flexible GMRES with Analog Accelerators

Numerical investigation of respiratory drops dynamics released during vocalization