[Cryptography] Signing "random garbage" with someone else's public key
James A. Donald
jamesd at echeque.com
Thu Mar 2 21:27:10 EST 2017
On 3/3/2017 2:55 AM, Georgi Guninski wrote:
> Assume you know someone's public key and one valid signature of
> message M. Further assume you can sign with this key a lot of other
> messages which are "random garbage". By random garbage I mean
> something that is a function of M and other parameter and it is not
> directly under your control (you can't sign anything of your choice).
> The signing is in the mathematical model, not taking into account
> hash functions.
>
> Is this scenario attack at all? If yes how bad it is considered?
Yes it is considered an attack, and all signing algorithms have a hash
step to protect against this attack - the thing you sign has to be not
an arbitrary value, but a one way hash of some value.
More information about the cryptography
mailing list