The Newton Channel

Serge Vaudenay
1996
Conference paper

Abstract

Simmons asked whether there exists a signature scheme with a broadband covert channel that does not require the sender to compromise the security of her signing key. We answer this question in the affirmative; the ElGamal signature scheme has such a channel. Thus, contrary to popular belief, the design of the DSA does not maximise the covert utility of its signatures, but minimises them. Our construction also shows that many discrete log based systems are insecure: they operate in more than one group at a time, and key material may leak through those groups in which discrete log is easy. However, the DSA is not vulnerable in this way.

Official source

https://infoscience.epfl.ch/record/99471?ln=en

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Ontological neighbourhood

Computer engineering

Computer security: Public-key cryptography

Related concepts (17)

Related publications (34)

The Newton Channel

Making Classical (Threshold) Signatures Post-quantum for Single Use on a Public Ledger

Security in the Presence of Quantum Adversaries

Lattice-Based Blind Signatures: Short, Efficient, and Round-Optimal

Lattice-Based Blind Signatures: Short, Efficient, and Round-Optimal

Making Classical (Threshold) Signatures Post-quantum for Single Use on a Public Ledger

Security in the Presence of Quantum Adversaries