Sciweavers

CHES
2004
Springer

Attacking DSA Under a Repeated Bits Assumption

14 years 5 months ago
Attacking DSA Under a Repeated Bits Assumption
We discuss how to recover the private key for DSA style signature schemes if partial information about the ephemeral keys is revealed. The partial information we examine is of a second order nature that allows the attacker to know whether certain bits of the ephemeral key are equal, without actually knowing their values. Therefore, we extend the work of Howgrave-Graham, Smart, Nguyen and Shparlinski who, in contrast, examine the case where the attacker knows the actual value of such bits. We also discuss how such partial information leakage could occur in a real life scenario. Indeed, the type of leakage envisaged by our attack would appear to be feasible than that considered in the prior work.
Peter J. Leadbitter, Dan Page, Nigel P. Smart
Added 01 Jul 2010
Updated 01 Jul 2010
Type Conference
Year 2004
Where CHES
Authors Peter J. Leadbitter, Dan Page, Nigel P. Smart
Comments (0)