简介:Patarinproposedthedragonscheme,pointedouttheinsecurityofthedragonalgorithmwithonehiddenmonomialandsuggestedacandidatedragonsignaturealgorithmwithacomplicatedfunction.Thispaperpresentsanalgebraicmethodtoattackthecandidatedragonsignaturealgorithm.TheattackborrowsthebasicideaoftheattackduetoKipnisandShamir,andutilizestheunderlyingalgebraicstructureofthecandidatedragonsignaturealgorithmovertheextensionfieldtoderiveawaytoenablethevariableYbeviewedasafixedvalue.Theattackrecoverstheprivatekeysefficientlywhentheparametersaren≤25andD=[logqd]≤3.