Security Analysis of the Gennaro-Halevi-Rabin Signature Scheme

14 years 3 months ago

Download www.gemplus.com

We exhibit an attack against a signature scheme recently proposed by Gennaro, Halevi and Rabin [9]. The scheme's security is based on two assumptions namely the strong RSA assumption and the existence of a division-intractable hash-function. For the latter, the authors conjectured a security level exponential in the hash-function's digest size whereas our attack is sub-exponential with respect to the digest size. Moreover, since the new attack is optimal, the length of the hash function can now be rigorously fixed. In particular, to get a security level equivalent to 1024-bit RSA, one should use a digest size of approximately 1024 bits instead of the 512 bits suggested in [9]. Keywords. Gennaro-Halevi-Rabin signature scheme, Strong RSA problem, division intractability.

Jean-Sébastien Coron, David Naccache

Real-time Traffic

Cryptology | Digest Size | EUROCRYPT 2000 | Signature Scheme | Strong Rsa |

claim paper

Post Info
More Details (n/a)

Added	24 Aug 2010
Updated	24 Aug 2010
Type	Conference
Year	2000
Where	EUROCRYPT
Authors	Jean-Sébastien Coron, David Naccache

Comments (0)

Sciweavers

Security Analysis of the Gennaro-Halevi-Rabin Signature Scheme

Cryptology | Digest Size | EUROCRYPT 2000 | Signature Scheme | Strong Rsa |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers