Abstract
We exhibit an attack against a signature scheme recently proposed by Gennaro, Halevi and Rabin [9]. The scheme’s security is based on two assumptions, namely the strong RSA assumption and the existence of a division-intractable hash function. For the latter, the authors conjectured a security level exponential in the hash function’s digest size, whereas our attack is sub-exponential with respect to the digest size. Moreover, since the new attack is optimal, the length of the hash function can now be rigorously fixed. In particular, to get a security level equivalent to 1024-bit RSA, one should use a digest size of approximately 1024 bits instead of the 512 bits suggested in [9].
References
[1] E. Bach and R. Peralta, Asymptotic semismoothness probabilities, Mathematics of Computation, vol. 65, no. 216, pp. 1701–1715, 1996.
[2] N. Barić and B. Pfitzmann, Collision-free accumulators and fail-stop signature scheme without trees, proceedings of Eurocrypt’97, LNCS vol. 1233, Springer-Verlag, 1997, pp. 480–494.
[3] M. Bellare and P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, Proceedings of the First Annual Conference on Computer and Communications Security, ACM, 1993.
[4] R. Brent, An improved Monte Carlo factorization algorithm, Nordisk Tidskrift för Informationsbehandling (BIT), vol. 20, 1980, pp. 176–184.
[5] E. Canfield, P. Erdös and C. Pomerance, On a problem of Oppenheim concerning ‘Factorisatio Numerorum’, J. Number Theory, vol. 17, 1983, pp. 1–28.
[6] J.S. Coron and D. Naccache, Security analysis of the Gennaro-Halevi-Rabin signature scheme, full version of this paper, available at http://www.eleves.ens.fr:8080/home/coron, 2000.
[7] K. Dickman, On the frequency of numbers containing prime factors of a certain relative magnitude, Arkiv för matematik, astronomi och fysik, vol. 22A, no. 10, pp. 1–14, 1930.
[8] G. Hardy and E. Wright, An introduction to the theory of numbers, Fifth edition, Oxford, 1979, pp. 354–359, 368–370.
[9] R. Gennaro, S. Halevi and T. Rabin, Secure hash-and-sign signatures without the random oracle, proceedings of Eurocrypt’99, LNCS vol. 1592, Springer-Verlag, 1999, pp. 123–139.
[10] A. Ivić and G. Tenenbaum, Local densities over integers free of large prime factors, Quart. J. Math. Oxford (2), vol. 37, 1986, pp. 401–417.
[11] H. W. Lenstra, Jr., Factoring integers with elliptic curves, Ann. of Math. (2), vol. 126, 1987, pp. 649–673.
[12] M.I.R.A.C.L. library, Shamus Software Ltd., 94 Shangan Road, Ballymun, Dublin, Ireland.
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Coron, JS., Naccache, D. (2000). Security Analysis of the Gennaro-Halevi-Rabin Signature Scheme. In: Preneel, B. (eds) Advances in Cryptology — EUROCRYPT 2000. EUROCRYPT 2000. Lecture Notes in Computer Science, vol 1807. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45539-6_7
DOI: https://doi.org/10.1007/3-540-45539-6_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67517-4
Online ISBN: 978-3-540-45539-4
eBook Packages: Springer Book Archive