Daniel Bleichenbacher presented an implementation attack against DSA in 2001 titled "On the generation of DSS one-time keys". I think it made the rounds as a preprint, but I don't know if it was ever officially published. It's cited frequently (e.g. in the SEC1 doc http://www.secg.org/download/aid-780/sec1-v2.pdf), but I cannot seem to locate a copy.
Can anyone point me to a copy of this preprint? -James
Description: OpenPGP digital signature