Ehud Altman, Kenneth R. Brown, et al.
PRX Quantum
We describe two different attacks against the ISO/IEC 9796-1 signature standard for RSA and Rabin. Both attacks consist in an existential forgery under a chosen-message attack: the attacker asks for the signature of some messages of his choice, and is then able to produce the signature of a message that was never signed by the legitimate signer. The first attack is a variant of Desmedt and Odlyzko's attack and requires a few hundreds of signatures. The second attack is more powerful and requires only three signatures. © 2007 International Association for Cryptologic Research.
Ehud Altman, Kenneth R. Brown, et al.
PRX Quantum
Heng Cao, Haifeng Xi, et al.
WSC 2003
Shu Tezuka
WSC 1991
Richard M. Karp, Raymond E. Miller
Journal of Computer and System Sciences