Stronger Security Proofs for RSA and Rabin Bits
- 312 Downloads
The RSA and Rabin encryption functions are respectively defined as E N (x) = x e mod N and E N (x) = x 2 mod N , where N is a product of two large random primes p , q and e is relatively prime to φ (N) . We present a simpler and tighter proof of the result of Alexi et al. [ACGS] that the following problems are equivalent by probabilistic polynomial time reductions: (1) given E N (x) find x; (2) given E N (x) predict the least-significant bit of x with success probability 1/2 + 1/poly(n) , where N has n bits. The new proof consists of a more efficient algorithm for inverting the RSA/ Rabin function with the help of an oracle that predicts the least-significant bit of x . It yields provable security guarantees for RSA message bits and for the RSA random number generator for modules N of practical size.
Unable to display preview. Download preview PDF.