Abstract.
The RSA and Rabin encryption functions are respectively defined as E N (x) = x e mod N and E N (x) = x 2 mod N , where N is a product of two large random primes p , q and e is relatively prime to φ (N) . We present a simpler and tighter proof of the result of Alexi et al. [ACGS] that the following problems are equivalent by probabilistic polynomial time reductions: (1) given E N (x) find x; (2) given E N (x) predict the least-significant bit of x with success probability 1/2 + 1/poly(n) , where N has n bits. The new proof consists of a more efficient algorithm for inverting the RSA/ Rabin function with the help of an oracle that predicts the least-significant bit of x . It yields provable security guarantees for RSA message bits and for the RSA random number generator for modules N of practical size.
Article PDF
Similar content being viewed by others
Author information
Authors and Affiliations
Additional information
Received 12 July 1996 and revised 8 January 1999
Rights and permissions
About this article
Cite this article
Fischlin, R., Schnorr, C. Stronger Security Proofs for RSA and Rabin Bits. J. Cryptology 13, 221–244 (2000). https://doi.org/10.1007/s001459910008
Published:
Issue Date:
DOI: https://doi.org/10.1007/s001459910008