Generalized Key Substitution Attacks on Message Recovery Signatures

[1] ABE, M.-OKAMOTO, T.: A signature scheme with message recovery as secure as discrete logarithm, In: (K.-Y. Lam et al., eds.) Advances in Cryptology - ASIACRYPT ’99, International Conference on the Theory and Applications of Cryptology and Information Security, Singapore, 1999, Lecture Notes in Comput. Sci. Vol. 1716, Springer-Verlag, Heidelberg (1999), pp. 378-389.Search in Google Scholar

[2] BELLARE, M.-ROGAWAY, P.: Optimal asymmetric encryption. In: (A. De Santis, ed.) Advances in Cryptology - EUROCRYPT ’94, Workshop on the Theory and Application of Cryptographic Techniques, Perugia, Italy, 1994, Lecture Notes in Comput. Sci. Vol. 950, Springer-Verlag, Heidelberg, (1995), pp. 92-111.Search in Google Scholar

[3] BLAKE-WILSON, S.- MENEZES, A.: Unknown key-share attacks on the station-tostation (STS) protocol. In: (H. Imai, Y. Zheng, eds.) Public Key Cryptography, Second International Workshop on Practice and Theory in Public Key Cryptography, PKC ’99, Kamakura, Japan, 1999, Lecture Notes in Comput. Sci. Vol. 1560, Springer-Verlag, Heidelberg, (1999), pp. 154-170.Search in Google Scholar

[4] BOHLI, J.-M.-RÖHRICH, S.-STEINWANDT, R.: Key substitution attacks revisited: Taking into account malicious signers. Int. J. Inform. Sec. 5 (2006), no. 1, 30-36.Search in Google Scholar

[5] CHAUM, D.-EVERTSE, J.-H.-VAN DE GRAAF, J.-PERALTA, R.: Demonstrating possession of a discrete logarithm without revealing it. In: (A.M. Odlyzko, ed.) Advances in Cryptology - CRYPTO ’86, Santa Barbara, California, USA, 1986, Lecture Notes in Comput. Sci. Vol. 263, Springer-Verlag, Heidelberg, (1986), pp. 200-212.Search in Google Scholar

[6] ISO/IEC 14888-2:2008: Information technology - Security techniques - Digital signatures with appendix - Part 2: Integer factorization based mechanisms, 2008.Search in Google Scholar

[7] ISO/IEC 1st CD 14888-3: Information technology - Security techniques - Digital signatures with appendix - Part 3: Discrete logarithm based mechanisms, 2014.Search in Google Scholar

[8] ISO/IEC 14888-3:2006: Information technology - Security techniques - Digital signatures with appendix - Part 3: Discrete logarithm based mechanisms, 2006.Search in Google Scholar

[9] ISO/IEC 9796-2:2010: Information technology- Security techniques- Digital signature schemes giving message recovery - Part 2: Integer factorization based mechanisms, 2010.Search in Google Scholar

[10] ISO/IEC 9796-3:2006: Information technology- Security techniques- Digital signature schemes giving message recovery - Part 3: Discrete logarithm based mechanisms, 2006.Search in Google Scholar

[11] GOLDWASSER, S.-MICALI, S.-RACKOFF, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18 (1989), no. 1, 186-208.Search in Google Scholar

[12] MENEZES, A.-SMART, N.P.: Security of signature schemes in a multi-user setting. Designs, Codes and Cryptography 33 (2004), no. 3, 261-274.10.1023/B:DESI.0000036250.18062.3fOpen DOISearch in Google Scholar

[13] MIYAJI, A.: Another countermeasure to forgeries over message recovery signature. IEICE Transactions on Fundamentals of Electronics, Communications E80-A (1997), no. 11, 2192-2200.Search in Google Scholar

[14] NYBERG, K.-RUEPPEL, R.A.: Message recovery for signature schemes based on the discrete logarithm problem, Designs, Codes and Cryptography 7 (1996), no. 1-2, 61-81.Search in Google Scholar

[15] PINTSOV, L.-VANSTONE, S.: Postal revenue collection in the digital age. In: (Y. Frankel, ed.) Financial Cryptography, 4th International Conference, FC 2000 Anguilla, British West Indies, 2000, Lecture Notes in Comput. Sci. Vol. 1962, Springer-Verlag, Heidelberg, (2000), pp. 105-120.Search in Google Scholar

[16] VAUDENAY, S.: The security of DSA and ECDSA. In: (Y. Desmedt, ed.) Public Key Cryptography-PKC 2003, 6th InternationalWorkshop on Theory and Practice in Public Key Cryptography, Miami, FL, USA , Lecture Notes in Comput. Sci. Vol. 2567, Springer- -Verlag, Heidelberg, (2002), pp. 309-323.Search in Google Scholar

[17] VAUDENAY, S.: Digital signature schemes with domain parameters: Yet another parameter issue in ECDSA. In: (H. Wang et al., eds.) Information Security and Privacy: 9th Australasian Conference, ACISP 2004, Sydney, Australia, 2004, Lecture Notes in Comput. Sci. Vol. 3108, Springer-Verlag, Heidelberg, (2004), pp. 188-199.Search in Google Scholar

[18] YUM, D.H.-SIM, S. G.-LEE, P. J.: New signature schemes giving message recovery based on EC-KCDSA. In: Proceedings of the 12th Conference on Information Security and Cryptology (CISC), (2002), pp. 595-597Search in Google Scholar

[19] ZHANG, Z.-YANG, K.-ZHANG, J.-CHEN, C.: Security of the SM2 signature scheme against generalized key substitution attacks. In: (L. Chen, S. Matsuo, eds.) Security Standardisation Research - Second International Conference, SSR 2015, Tokyo, Japan, 2015, Lecture Notes in Comput. Sci. Vol. 9497, Springer-Verlag, Heidelberg, (2015), pp. 140-153.Search in Google Scholar