Digital Signature Algorithm for M-Payment Applications Using Arithmetic Encoding and Factorization Algorithm

David, Shibin; Kathrine, G. Jaspher W.

doi:10.4018/jcit.20210701.oa2

Cited by 1 publication

(1 citation statement)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is much more practical than existing works. We will give our subverted schemes for DSA [17], Modified ELGamal [19,20] and Schnorr [22] signature schemes to show the generality of our method. -The basic version of the subverted scheme only maintains a constant state and has a restriction that the message can not repeat.…”

Section: Our Contributionmentioning

confidence: 99%

Practical algorithm substitution attack on extractable signatures

Zhao

Liang

Zhao

et al. 2022

Des. Codes Cryptogr.

View full text Add to dashboard Cite

Algorithm Substitution Attack (ASA) can undermine the security of cryptographic primitives by subverting the original implementation. ASA succeeds when it extracts secrets without being detected.To launch an ASA on signature schemes, existing research works often have to collect signatures with successive indices to extract the signing key. However, collection with successive indices requires uninterrupted surveillance of the communication channel and low loss rate of transmission in practice. This hinders the current ASAs from being practically implemented, and making users misbelieve the threat incurred by ASA is only at the theoretical level and much far from reality. In this paper, we first classify a group of schemes called extractable signatures that achieve traditional security (unforgeability) by reductions ending with key extraction, showing that there is a generic and practical approach for ASA to this class of signatures. Then, we present the implementations of ASAs that only two signatures and no further requirements are needed for extraction of widely used discrete log based signatures like DSA, Schnorr and Modified ElGamal signature schemes. Our attack presents a realistic threat to current signature applications, which can even be implemented in open and unstable environment like a vehicular ad hoc network. Finally, we prove the proposed ASA is undetectable against polynomial time detectors and physical timing analysis.

show abstract