Lewis McCarthy (lmccarth@cs.umass.edu)
Mon, 06 Apr 1998 12:51:09 -0400
I wrote:
>> PKCS #1, uses FF padding to preclude a chosen ciphertext attack due to
>> Desmedt and Odlyzko (see the Notes in PKCS #1). The attack derives
Werner Koch writes:
> I do not have Crypto '85 here (and probably it is not available at a
> public library here :-().
You can get a preprint from Odlyzko's home page:
http://www.research.att.com/~amo
> I guess ElGamal is vulnerable to this attack and DSA is not.
I wouldn't expect either one to be vulnerable to this attack.
--
Lewis http://www.cs.umass.edu/~lmccarth/
"He's a little stiff, but then so are most engineers" -Robots Rising