BlueHat v13 crypto talks - request for leaks ;)
Tom Ritter
tom at ritter.vg
Sat Dec 14 12:23:50 PST 2013
On 14 December 2013 14:51, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> For example if you
> follow DSA's:
>
> k = G(t,KKEY) mod q
>
> then you've leaked your x after a series of signatures, so you need to know
> that you generate a large-than-required value before reducing mod q. The
> whole DLP family is just incredibly brittle, a problem that RSA doesn't
> have.
>
This is different from the normal 'repeated/non-random k leads to private
key', is it not? Is there a paper/reference I can read more about this
attack?
-tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1060 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20131214/1a84865c/attachment-0001.txt>
More information about the cypherpunks
mailing list