对数字签名算法的数学攻击
[英]Mathematical attack on the Digital Signature Algorithm
问题描述
Does anybody know the mathematics behind an attack on DSA where modulus p has p-1 made up of only small factors. 
有人知道DSA攻击背后的数学原理吗,其中模数p的p-1仅由小因素组成。 In reality, this would not happen as the key generator would guarantee that this is not so. 实际上,这不会发生,因为密钥生成器将保证并非如此。
There is much information on the web on generating good input paramters for DSA so that it is hard to crack but no information on how you find X if modulus p has p-1 made up of only small factors. 网上有很多关于为DSA生成良好的输入参数的信息,因此很难破解,但是如果模数p的p-1仅由小因素组成,则如何找到X的信息就不多。
1 个解决方案
解决方案1
5 已采纳 2010-04-01 08:30:04
Pohlig-Hellman would work. Pohlig-Hellman会工作。
However, the DSA standard explicitly requires that one of the prime factors of p-1 is large. 但是,DSA标准明确要求p-1的主要因素之一很大。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.