From Fixed-Length Messages to Arbitrary-Length Messages Practical RSA Signature Padding Schemes

  • Geneviève Arboit1
  • Jean-Marc Robert
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2020)


We show how to construct a practical secure signature padding scheme for arbitrarily long messages from a secure signature padding scheme for fixed-length messages. This new construction is based on a one-way compression function respecting the division intractability assumption. By practical, we mean that our scheme can be instantia- ted using dedicated compression functions and without chaining. This scheme also allows precomputations on partially received messages. Finally, we give an instantiation of our scheme using SHA-1 and PKCS #1ver. 1.5.


Digital signature padding scheme provable security atomic primitive RSA hash-and-sign division intractability smooth numbers 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BP97]
    N. Barić and B. Ptzmann. Collision-free accumulators and Fail-stop signature schemes without trees. In W. Fumy, editor, Advances in Cryptology-EUROCRYPT’ 97, Lecture Notes in Computer Science Vol. 1233, pages 480–494. Springer, 1997.Google Scholar
  2. [BR96]
    M. Bellare and P. Rogaway. The Exact Security of Digital Signatures—How to Sign with RSA and Rabin. In U. Maurer, editor, Advances in Cryptology-EUROCRYPT’ 96, pages 399–416, 1996.Google Scholar
  3. [BSNP95]
    S. Bakhtiari, R. Safavi-Naini, and J. Pieprzyk. Cryptographic Hash Functions: A Survey. Technical Report 95-09, University of Wollongong, 1995.Google Scholar
  4. [CKN00]
    J.-S. Coron, F. Koeune, and D. Naccache. From fixed-length to arbitrary-length RSA padding schemes. In Advances in Cryptology-ASIACRYPT’ 00. Springer, 2000. To appear.Google Scholar
  5. [GHR99]
    R. Gennaro, S. Halevi, and T. Rabin. Secure Hash-and-Sign Signatures without the Random Oracle. In J. Stern, editor, Advances in Cryptology-EUROCRYPT’ 99, Vol. 1592 of Lecture Notes in Computer Science, pages 123–139. Springer, 1999. Scholar
  6. [GMR88]
    S. Goldwasser, S. Micali, and R. L. Rivest. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM Journal on Computing, 17(2):281–308, 1988. March 23, 1995 revision.zbMATHCrossRefMathSciNetGoogle Scholar
  7. [Lub96]
    M. Luby. Pseudorandomness and Cryptographic Applications. Princeton University Press, 1996.Google Scholar
  8. [Mis98]
    J.-F. Misarsky. How (Not) to Design Signature Schemes.In Proceedings of PKC’ 98, Lecture Notes in Computer Science Vol. 1431. Springer, 1998.Google Scholar
  9. [PS96]
    J. Pieprzyk and B. Sadeghiyan. Design of Hashing Algorithms. Lecture Notes in Computer Science Vol. 756. Springer, 1996.Google Scholar
  10. [RSA78]
    R. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public Key Cryptosystems. CACM, 21, 1978.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Geneviève Arboit1
    • 1
  • Jean-Marc Robert
    • 2
  1. 1.School of Computer ScienceMcGill UniversityMontréalCANADA
  2. 2.Gemplus Card InternationalMontréal R&D CenterCANADA

Personalised recommendations