Advertisement

Journal of Cryptology

, Volume 13, Issue 2, pp 221–244 | Cite as

Stronger Security Proofs for RSA and Rabin Bits

  • R. Fischlin
  • C. P. Schnorr
Article

Abstract.

The RSA and Rabin encryption functions are respectively defined as E N (x) = x e mod N and E N (x) = x 2 mod N , where N is a product of two large random primes p , q and e is relatively prime to φ (N) . We present a simpler and tighter proof of the result of Alexi et al. [ACGS] that the following problems are equivalent by probabilistic polynomial time reductions: (1) given E N (x) find x; (2) given E N (x) predict the least-significant bit of x with success probability 1/2 + 1/poly(n) , where N has n bits. The new proof consists of a more efficient algorithm for inverting the RSA/ Rabin function with the help of an oracle that predicts the least-significant bit of x . It yields provable security guarantees for RSA message bits and for the RSA random number generator for modules N of practical size.

Key words. RSA function, Rabin function, RSA random number generator, Perfect pseudorandom number generator. 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© International Association for Cryptologic Research 2000

Authors and Affiliations

  • R. Fischlin
    • 1
  • C. P. Schnorr
    • 1
  1. 1.Fachbereich Mathematik/Informatik, Universität Frankfurt, PSF 111932Frankfurt/MainGermany

Personalised recommendations