Abstract
Since many applications require the verification of large sets of signatures, it is sometimes advantageous to perform a simultaneous verification instead of checking each signature individually. The simultaneous processing, called batching, must be provably equivalent to the sequential verification of all signatures.
In eurocrypt’98, Bellare et al. [1] presented a fast RSA batch verification scheme, called screening. Here we successfully attack this algorithm by forcing it to accept a false signature and repair it by implementing an additional test.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
M. Bellare, J. Garray and T. Rabin, Fast batch verification for modular exponentiation and digital signatures, Advances in Cryptology-eurocrypt’98 Proceedings, Lecture Notes in Computer Science vol. 1403, K. Nyberged., Springer-Verlag, 1998. Full on-line version via http://www-cse.ucsd.edu/users/mihir, 1998.
M. Bellare, P. Rogaway, The exact security of digital signatures: How to sign with RSA and Rabin, Advances in Cryptology-eurocrypt’96 Proceedings, Lecture Notes in Computer Science vol. 1070, U. Maurer ed., Springer-Verlag, 1996.
M. Bellare, P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols, First ACM Conference on computer and communications security, ACM, 1994.
G. Davida, Chosen signature cryptanalysis of the RSA (MIT) public-key cryptosystem, Technical report TR-CS-82-2, Department of EECS, University of Wisconsin, 1982.
C. Lim & P. Lee, Security of interactive DSA batch verification, Electronic Letters, vol. 30, no. 19, pp. 1592–1593, 1994.
D. Naccache, Unless modified Fiat-Shamir is insecure, Proceedings of the third symposium on state and progress of research in cryptography: SPRC’93, Fondazione Ugo Bordoni, W. Wolfowiczed., Roma, Italia, pp. 172–180, 1993.
D. Naccache, D. M’raïhi, S. Vaudenay & D. Raphaeli, Can DSA be improved? Complexity trade-offs with the digital signature standard, Advances in Cryptology-eurocrypt94 Proceedings, Lecture Notes in Computer Science vol. 950, A. de Santised., Springer-Verlag, pp. 77–85, 1995.
R. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, vol. 21, pp. 120–126, 1978.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Coron, J.S., Naccache, D. (1999). On the Security of RSA Screening. In: Public Key Cryptography. PKC 1999. Lecture Notes in Computer Science, vol 1560. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49162-7_15
Download citation
DOI: https://doi.org/10.1007/3-540-49162-7_15
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65644-9
Online ISBN: 978-3-540-49162-0
eBook Packages: Springer Book Archive