[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BlueHat v13 crypto talks - request for leaks ;)

To: Peter Gutmann <[email protected]>
Subject: BlueHat v13 crypto talks - request for leaks ;)
From: [email protected] (Tom Ritter)
Date: Sat, 14 Dec 2013 15:23:50 -0500
Cc: cpunks <[email protected]>, [email protected]
In-reply-to: <[email protected]>
References: <CA+cU71nBb+3SW1dgfwWF2dNarYNkwJ5Pmusb_LcbrPFFzJsPyw@mail.gmail.com> <[email protected]>

On 14 December 2013 14:51, Peter Gutmann <[email protected]> wrote:

> For example if you
>  follow DSA's:
>
>   k = G(t,KKEY) mod q
>
> then you've leaked your x after a series of signatures, so you need to know
> that you generate a large-than-required value before reducing mod q.  The
> whole DLP family is just incredibly brittle, a problem that RSA doesn't
> have.
>

This is different from the normal 'repeated/non-random k leads to private
key', is it not?  Is there a paper/reference I can read more about this
attack?

-tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20131214/1a84865c/attachment.html>

Follow-Ups:
- BlueHat v13 crypto talks - request for leaks ;)
  - From: [email protected] (Peter Gutmann)

References:
- BlueHat v13 crypto talks - request for leaks ;)
  - From: [email protected] (Tom Ritter)
- BlueHat v13 crypto talks - request for leaks ;)
  - From: [email protected] (Peter Gutmann)

Prev by Date: Services Blocking Tor [was: Joke]
Next by Date: Joke
Previous by thread: BlueHat v13 crypto talks - request for leaks ;)
Next by thread: BlueHat v13 crypto talks - request for leaks ;)
Index(es):
- Date
- Thread