Discrete-Log-Based Signatures May Not Be Equivalent to Discrete Log - Archive ouverte HAL Accéder directement au contenu
Communication Dans Un Congrès Année : 2005

Discrete-Log-Based Signatures May Not Be Equivalent to Discrete Log

Pascal Paillier
  • Fonction : Auteur
Gemplus Card International - Cryptography Group
Damien Vergnaud
Laboratoire de Mathématiques Nicolas Oresme

Résumé

We provide evidence that the unforgeability of several discrete-log based signatures like Schnorr signatures cannot be equivalent to the discrete log problem in the standard model. This contradicts in nature well-known proofs standing in weakened proof methodologies, in particular proofs employing various formulations of the Forking Lemma in the random oracle Model. Our impossibility proofs apply to many discrete-log-based signatures like ElGamal signatures and their extensions, DSA, ECDSA and KCDSA as well as standard generalizations of these, and even RSA-based signatures like GQ. We stress that our work sheds more light on the provable (in)security of popular signature schemes but does not explicitly lead to actual attacks on these.

Domaines

Cryptographie et sécurité [cs.CR]
Fichier principal
Vignette du fichier
dlneqdl.pdf (268.78 Ko) Télécharger le fichier

Damien Vergnaud  : Connectez-vous pour contacter le contributeur

https://hal.science/hal-00019352

Soumis le : mardi 21 février 2006-13:31:00

Dernière modification le : mercredi 20 mars 2024-18:02:04

Archivage à long terme le : samedi 3 avril 2010-20:42:54

Télécharger pour visualiser

Dates et versions

hal-00019352 , version 1 (21-02-2006)

Identifiants

  • HAL Id : hal-00019352 , version 1

Citer

Pascal Paillier, Damien Vergnaud. Discrete-Log-Based Signatures May Not Be Equivalent to Discrete Log. 2005, pp.1-20. ⟨hal-00019352⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

CNRS COMUE-NORMANDIE UNICAEN LMNO
70 Consultations
742 Téléchargements

Partager

Gmail Facebook X LinkedIn More