From Fixed-Length to Arbitrary-Length RSA Padding Schemes

14 years 3 months ago

Download www.gemplus.com

A common practice for signing with RSA is to ﬁrst apply a hash function or a redundancy function to the message, add some padding and exponentiate the resulting padded message using the decryption exponent. This is the basis of several existing standards. In this paper we show how to build a secure padding scheme for signing arbitrarily long messages with a secure padding scheme for ﬁxed-size messages. This focuses more sharply the question of ﬁnding a secure encoding for RSA signatures, by showing that the diﬃculty is not in handling messages of arbitrary length, but rather in ﬁnding a secure redundancy function for short messages, which remains an open problem. Keywords. Signature scheme, provable security, padding scheme.

Jean-Sébastien Coron, François Koeun

Real-time Traffic

ASIACRYPT 2000 | Cryptology | Padding Scheme | Redundancy Function | Secure Padding Scheme |

claim paper

Post Info
More Details (n/a)

Added	02 Aug 2010
Updated	02 Aug 2010
Type	Conference
Year	2000
Where	ASIACRYPT
Authors	Jean-Sébastien Coron, François Koeune, David Naccache

Comments (0)

Sciweavers

From Fixed-Length to Arbitrary-Length RSA Padding Schemes

ASIACRYPT 2000 | Cryptology | Padding Scheme | Redundancy Function | Secure Padding Scheme |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers