From Fixed-Length Messages to Arbitrary-Length Messages: Practical RSA Signature Padding Schemes
We show how to construct a practical secure signature padding scheme for arbitrarily long messages from a secure signature padding scheme for fixed-length messages. This new construction is based on a one-way compression function respecting the division intractability assumption. By practical, we mean that our scheme can be instantiated using dedicated compression functions and without chaining. This scheme also allows precomputations on partially received messages. Finally, we give an instantiation of our scheme using SHA-1 and PKCS #1 ver. 1.5.
Keywords: Digital signature, padding scheme, provable security, atomic primitive, RSA, hash-and-sign, division intractability, smooth numbers