Join Log in
Score:2
cryptoQueen avatar Crypto

Why are there two Challenges in the DSA Identification Scheme?

at flag
cryptoQueen

Would either $\alpha$ or $r$ suffice as challenge?

I am aware that the signature and verification were to adapt. However, what is the motivation behind using two challenges?

DSA Identification Scheme According to "Introduction to Modern Cryptography" by Katz & Lindell

49
1 + 0
Score:0
xacid avatar Crypto
ee flag
xacid

Assume the verifier is honest so that the adversary wants to fool the verifier using a previous transcript.

$\alpha$ is necessary. If not, then let $\alpha=0$. The adversary gets $g^k, r, s = k^{-1}xr$ and computes $k^{-1}x$. Then, for some random $t$ it computes $I' = g^{tk}, u' = (tk)^{-1}x$ which can fool the verifier for any random challenge $r'$ by sending $I'$ and $s' = u'r'$.

I am unsure if $r$ is necessary. Please post the full context.

+ 2
whatf0xx avatar
zw flag
whatf0xx
Without r, if Eve can get the prover to use the same k to sign two different values of alpha then she can recover k, and hence x, the private key. If r is included, this doesn't work. I am trying to find a solution for how alpha lets the private key be recovered from a single signature, or similar, but this is potentially also a good reason.
0
Reply
xacid avatar
ee flag
xacid
I agree with that the attack works when "use the same k" twice. However, this is unnatural since the prover is partly compromised and $k$ is the only randomization of the prover.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.