Two distinct DSA keys sign a file with the same signature. Is this a repudiation issue?

Georgi Guninski guninski at guninski.com
Wed Sep 28 04:20:41 PDT 2016


On Wed, Sep 28, 2016 at 06:40:57AM -0400, Alfonso De Gregorio wrote:
> If you are able to generate colliding signatures for a target (chosen) key,
> this may amount to an impersonation attack, depending on the exact
> origin authentication checks -- which may be considered even worse
> than a repudiation issue.
> 

No, I didn't claim this.

> If what you can do is to generate two new key pairs, where the
> signatures made by first can be verified as signed by the second (or
> vice versa), then this provides plausible deniability, and the
> possibility to repudiate any valid signature made by any of the
> affected signing keys.
>

Yes, exactly what I claimed. Posted the keys and x509 certificates,
which can be verified with openssl.

The keys (possibly except g=1) are not valid, but appear to be accepted
by openssl without error. The certificates appear to be valid (not
counting the key issues).
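The degenerate g=1 case mentioned above, worked through in a toy DSA implementation; this is an added illustration, not code from this thread or from openssl, and the parameters (p=23, q=11, private keys 3 and 7, nonce 5, digest 4) are constructed for the demonstration. It shows why a verifier should validate domain parameters before trusting a key: with g=1 every public key collapses to y=1 and one (r, s) verifies under unrelated private keys, while on a sound generator the same signature stays bound to the key that made it.

```python
# Toy DSA (tiny constructed parameters, not for real use) showing why the
# verifier must validate domain parameters: with g = 1 every public key is
# y = g^x mod p = 1, every signature has r = 1, and the same (r, s) verifies
# under unrelated private keys, which is the repudiation problem in the thread.

P, Q = 23, 11          # constructed: q divides p - 1
G_GOOD = 2             # order 11 mod 23, a sound generator
G_BAD = 1              # degenerate generator

def keygen(p, g, x):
    """Private x, public y = g^x mod p."""
    return x, pow(g, x, p)

def sign(p, q, g, x, k, hm):
    """hm is the message digest already reduced mod q; k is the per-signature nonce."""
    r = pow(g, k, p) % q
    s = (pow(k, -1, q) * (hm + x * r)) % q
    return r, s

def verify(p, q, g, y, hm, sig):
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = (hm * w) % q, (r * w) % q
    v = (pow(g, u1, p) * pow(y, u2, p) % p) % q
    return v == r

def params_ok(p, q, g):
    """Domain-parameter sanity check a verifier should run before trusting a key:
    g must be a non-trivial element of the order-q subgroup of Z_p^*."""
    return 1 < g < p - 1 and (p - 1) % q == 0 and pow(g, q, p) == 1

def demo(hm=4):
    # Two unrelated private keys (3 and 7) on the degenerate generator.
    _, y1 = keygen(P, G_BAD, 3)
    _, y2 = keygen(P, G_BAD, 7)
    sig = sign(P, Q, G_BAD, 3, 5, hm)
    both_accept = verify(P, Q, G_BAD, y1, hm, sig) and verify(P, Q, G_BAD, y2, hm, sig)
    # Same two private keys on a sound generator: the signature stays bound to its key.
    _, ya = keygen(P, G_GOOD, 3)
    _, yb = keygen(P, G_GOOD, 7)
    sig_good = sign(P, Q, G_GOOD, 3, 5, hm)
    own_key = verify(P, Q, G_GOOD, ya, hm, sig_good)
    other_key = verify(P, Q, G_GOOD, yb, hm, sig_good)
    return both_accept, own_key, other_key, params_ok(P, Q, G_BAD), params_ok(P, Q, G_GOOD)

if __name__ == "__main__":
    print(demo())  # (True, True, False, False, True)
```

Running `demo()` shows the g=1 signature accepted under both keys and rejected by `params_ok`, which is the check a verifier should apply before any certificate built on such a key is treated as binding.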
