Results 1 
7 of
7
Generating ElGamal signatures without knowing the secret key
, 1996
"... . We present a new method to forge ElGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby not found this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem. 1 Introduction ElGamal ..."
Abstract

Cited by 42 (0 self)
 Add to MetaCart
. We present a new method to forge ElGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby not found this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem. 1 Introduction ElGamal's digital signature scheme [4] relies on the difficulty of computing discrete logarithms in the multiplicative group IF p and can therefore be broken if the computation of discrete logarithms is feasible. However, the converse has never been proved. In this paper we show that it is sometimes possible to forge signatures without breaking the underlying discrete logarithm problem. This shows that the ElGamal signature scheme and some variants of the scheme must be used very carefully. The paper is organized as follows. Section 2 describes the ElGamal signature scheme. In Section 3 we present a method to forge signatures if some additional information on the generator is known. We show that...
MetaElGamal signature schemes using a composite module
, 1994
"... In 1984 ElGamal published the first signature scheme based on the discrete logarithm problem. Since then a lot of work was done to modify and generalize this signature scheme. Very important steps of recent research were the discovery of efficient signature schemes with appendix , e.g. by Schnorr, N ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
In 1984 ElGamal published the first signature scheme based on the discrete logarithm problem. Since then a lot of work was done to modify and generalize this signature scheme. Very important steps of recent research were the discovery of efficient signature schemes with appendix , e.g. by Schnorr, Nyberg/Rueppel or Harn. All these variants can be embedded into a MetaElGamal signature scheme. Until now all schemes except one have in common that the verification is done over a finite field. In this paper we focus on those schemes where a composite modul n = pq instead of a primemodul p is used in the MetaElGamal signature scheme. An unmodified scheme is cryptoanalysed in this composite mode, further we introduce some new refined modes and give a security and performance analysis of the various schemes. As a result, some schemes can be used in these modes with slight modifications. Although the security of these schemes can't be proven, the advantages are that ffl even existential for...
unknown title
"... The discrete logarithm problem has played an important role in the construction of some cryptographic protocols. Hence, many of the most widely used public key cryptosystems are based on the assumption that the discrete logarithm is indeed hard to compute. In this thesis, we discuss the security of ..."
Abstract
 Add to MetaCart
The discrete logarithm problem has played an important role in the construction of some cryptographic protocols. Hence, many of the most widely used public key cryptosystems are based on the assumption that the discrete logarithm is indeed hard to compute. In this thesis, we discuss the security of some cryptosystems based on discrete logarithm, such as Ghodosi and Saeednia’s selfcertified grouporiented cryptosystem and Seo and Sweeney’s simple authenticated key agreement protocol. In addition, we further construct a practical model that embeds the concept of an IDBased system into all of the cryptosystems based on the discrete logarithm, while maintaining the original security level. We not only design a transformation process to provide solutions rather than to reinvent a new scheme but also keep all the advantages of IdentityBased system such as the publickey forgeries prevention and identification
A Knapsack Cryptosystem Based on The Discrete Logarithm Problem
"... This paper introduces a knapsack cryptosystem based on the problem of discrete logarithm. The proposed algorithm obtains the public knapsack values by finding the discrete logarithms of the secret knapsack ones. Also, it encrypts the message block by obtaining its binary bits and then computing th ..."
Abstract
 Add to MetaCart
This paper introduces a knapsack cryptosystem based on the problem of discrete logarithm. The proposed algorithm obtains the public knapsack values by finding the discrete logarithms of the secret knapsack ones. Also, it encrypts the message block by obtaining its binary bits and then computing the modular multiplication of the public knapsack values corresponding to the 1bits of the binary form. The decryption is done by obtaining the inverse of the discrete logarithm of the encrypted message. The computation of this inverse is known inverse is known to be a hard problem. The block length is as the same as the knapsack length. The paper discusses the security issues of the system.
Generating ElGamal signatures without knowing the secret key
, 1996
"... . We present a new method to forge ElGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby not found this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem. 1 Introduction El ..."
Abstract
 Add to MetaCart
. We present a new method to forge ElGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby not found this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem. 1 Introduction ElGamal's digital signature scheme [4] relies on the difficulty of computing discrete logarithms in the multiplicative group IF p and can therefore be broken if the computation of discrete logarithms is feasible. However, the converse has never been proved. In this paper we show that it is sometimes possible to forge signatures without breaking the underlying discrete logarithm problem. This shows that the ElGamal signature scheme and some variants of the scheme must be used very carefully. The paper is organized as follows. Section 2 describes the ElGamal signature scheme. In Section 3 we present a method to forge signatures if some additional information on the generator is known. We show ...