Attacking DSA under a repeated bits assumptionNigel Smart, Dan Page, Peter Leadbitter, Attacking DSA under a repeated bits assumption. Cryptographic Hardware and Embedded Systems CHES 2004, pp. 428–440. July 2004. No electronic version available.
We discuss how to recover the private key for DSA style signature schemes if partial information about the ephemeral keys is revealed. The partial information we examine is of a second order nature that allows the attacker to know whether certain bits of the ephemeral key are equal, without actually knowing their values. Therefore, we extend the work of Howgrave-Graham, Smart, Nguyen and Shparlinski who, in contrast, examine the case where the attacker knows the actual value of such bits. We also discuss how such partial information leakage could occur in a real life scenario. Indeed, the type of leakage envisaged by our attack would appear to be feasible than that considered in the prior work.