[Cryptography] Signing "random garbage" with someone else's public key
Georgi Guninski
guninski at guninski.com
Thu Mar 2 11:55:25 EST 2017
Assume you know someone's public key and one valid signature of
message M. Further assume you can sign with this key a lot of other
messages which are "random garbage". By random garbage I mean
something that is a function of M and other parameter and it is not
directly under your control (you can't sign anything of your choice).
The signing is in the mathematical model, not taking into account
hash functions.
Is this scenario attack at all? If yes how bad it is considered?
What is the cryptographic name of this (if any)?
Are any major algorithms known to be affected by this?
More information about the cryptography
mailing list