Abstract
Consider the classical ElGamal digital signature scheme based on the modular relation αm ≡ yrrs[p]. In this work, we prove that if we can compute a natural integer i such that αi mod p is smooth and divides p − 1, then it is possible to sign any given document without knowing the secret key. Therefore we extend and reinforce Bleichenbacher's attack presented at Eurocrypt'96.
MSC 2010: