International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: On the Big Gap Between $|p|$ and $|q|$ in DSA

Authors:
Zhengjun Cao
Download:
URL: http://eprint.iacr.org/2007/320
Search ePrint
Search Google
Abstract: We introduce a message attack against DSA and show that the security of DSA is indeed reduced to the following problem, i.e., find $\theta\in \mathbb{Z}_q^*$ such that\\ \centerline{$z=(\hat g^{\theta} \,\mbox{mod}\, p)\, \mbox{mod}\, q $}\\ where $\mbox{Ord}_p(\hat g)=q$ and $z\in \mathbb{Z}_q^*$ is randomly chosen by the adversary. Compared with the common key-only attack, i.e., find $x\in \mathbb{Z}_q^*$ such that\\ \centerline{$ y= g^x \,\mbox{mod}\, p$}\\ the message attack is more effective because of the big gap between $|p|$ (1024-bit) and $|q|$ (160-bit).
BibTeX
@misc{eprint-2007-13600,
  title={On the Big Gap   Between $|p|$ and $|q|$ in DSA},
  booktitle={IACR Eprint archive},
  keywords={DSA,    Schnorr's signature,  message  attack},
  url={http://eprint.iacr.org/2007/320},
  note={ caozhj@shu.edu.cn 13741 received 15 Aug 2007, last revised 16 Aug 2007},
  author={Zhengjun Cao},
  year=2007
}