From Fixed-Length to Arbitrary-Length RSA Padding Schemes

  • Jean-Sébastien Coron
  • Francois Koeune
  • David Naccache
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1976)


A common practice for signing with RSA is to first apply a hash function or a redundancy function to the message, add some padding and exponentiate the resulting padded message using the decryption exponent. This is the basis of several existing standards.

In this paper we show how to build a secure padding scheme for signing arbitrarily long messages with a secure padding scheme for fixed-size messages. This focuses more sharply the question of finding a secure encoding for RSA signatures, by showing that the difficulty is not in handling messages of arbitrary length, but rather in finding a secure redundancy function for short messages, which remains an open problem.


Signature scheme provable security padding scheme 


  1. 1.
    M. Bellare and P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, proceedings of the First Annual Conference on Computer and Commmunications Security, ACM, 1993.Google Scholar
  2. 2.
    M. Bellare and P. Rogaway, The exact security of digital signatures-How to sign with RSA and Rabin, proceedings of Eurocrypt’96, LNCS vol. 1070, Springer-Verlag, 1996, pp. 399–416.Google Scholar
  3. 3.
    R. Canetti, O. Goldreich and S. Halevi, The Random Oracle Methodology,Re visited, STOC’ 98, ACM, 1998.Google Scholar
  4. 4.
    W. Diffe and M. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, IT-22, 6, pp. 644–654, 1976.CrossRefGoogle Scholar
  5. 5.
    S. Goldwasser, S. Micali and R. Rivest, A digital signature scheme secure against adaptive chosen-message attacks, SIAM Journal of computing, 17(2):281–308, april 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  6. 9.
    J.F. Misarsky, How (not) to design signature schemes, proceedings of PKC’98, Lecture Notes in Computer Science vol. 1431, Springer Verlag, 1998.Google Scholar
  7. 10.
    R. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public key cryptosystems, CACM 21, 1978.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Jean-Sébastien Coron
    • 1
  • Francois Koeune
    • 2
  • David Naccache
    • 3
  1. 1.Ecole Normale SupérieureParisFrance
  2. 2.UCL Crypto GroupBâtiment MaxwellLouvain-la-NeuveBelgium
  3. 3.Gemplus Card InternationalIssy-les-MoulineauxFrance

Personalised recommendations