Results 1 
4 of
4
Generating ElGamal signatures without knowing the secret key
, 1996
"... . We present a new method to forge ElGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby not found this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem. 1 Introduction ElGamal ..."
Abstract

Cited by 38 (0 self)
 Add to MetaCart
. We present a new method to forge ElGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby not found this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem. 1 Introduction ElGamal's digital signature scheme [4] relies on the difficulty of computing discrete logarithms in the multiplicative group IF p and can therefore be broken if the computation of discrete logarithms is feasible. However, the converse has never been proved. In this paper we show that it is sometimes possible to forge signatures without breaking the underlying discrete logarithm problem. This shows that the ElGamal signature scheme and some variants of the scheme must be used very carefully. The paper is organized as follows. Section 2 describes the ElGamal signature scheme. In Section 3 we present a method to forge signatures if some additional information on the generator is known. We show that...
MetaElGamal signature schemes using a composite module
, 1994
"... In 1984 ElGamal published the first signature scheme based on the discrete logarithm problem. Since then a lot of work was done to modify and generalize this signature scheme. Very important steps of recent research were the discovery of efficient signature schemes with appendix , e.g. by Schnorr, N ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
In 1984 ElGamal published the first signature scheme based on the discrete logarithm problem. Since then a lot of work was done to modify and generalize this signature scheme. Very important steps of recent research were the discovery of efficient signature schemes with appendix , e.g. by Schnorr, Nyberg/Rueppel or Harn. All these variants can be embedded into a MetaElGamal signature scheme. Until now all schemes except one have in common that the verification is done over a finite field. In this paper we focus on those schemes where a composite modul n = pq instead of a primemodul p is used in the MetaElGamal signature scheme. An unmodified scheme is cryptoanalysed in this composite mode, further we introduce some new refined modes and give a security and performance analysis of the various schemes. As a result, some schemes can be used in these modes with slight modifications. Although the security of these schemes can't be proven, the advantages are that ffl even existential for...
Generating ElGamal signatures without knowing the secret key
, 1996
"... . We present a new method to forge ElGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby not found this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem. 1 Introduction El ..."
Abstract
 Add to MetaCart
. We present a new method to forge ElGamal signatures if the public parameters of the system are not chosen properly. Since the secret key is hereby not found this attack shows that forging ElGamal signatures is sometimes easier than the underlying discrete logarithm problem. 1 Introduction ElGamal's digital signature scheme [4] relies on the difficulty of computing discrete logarithms in the multiplicative group IF p and can therefore be broken if the computation of discrete logarithms is feasible. However, the converse has never been proved. In this paper we show that it is sometimes possible to forge signatures without breaking the underlying discrete logarithm problem. This shows that the ElGamal signature scheme and some variants of the scheme must be used very carefully. The paper is organized as follows. Section 2 describes the ElGamal signature scheme. In Section 3 we present a method to forge signatures if some additional information on the generator is known. We show ...
A Survey of Elliptic Curve Cryptosystems, Part I: Introductory
, 2003
"... The theory of elliptic curves is a classical topic in many branches of algebra and number theory, but recently it is receiving more attention in cryptography. An elliptic curve is a twodimensional (planar) curve defined by an equation involving a cubic power of coordinate x and a square power of co ..."
Abstract
 Add to MetaCart
The theory of elliptic curves is a classical topic in many branches of algebra and number theory, but recently it is receiving more attention in cryptography. An elliptic curve is a twodimensional (planar) curve defined by an equation involving a cubic power of coordinate x and a square power of coordinate y. One class of these curves is