ABSTRACT
A theoretical analysis of success probabilities of sequential meet-in-the-middle attacks on certain digital signature schemes is here provided. Two variations of such attacks with known used signatures are considered, and several practical hints for the design of both optimal attack strategies and of secure digital signature schemes are pointed out.
