×

From fixed-length to arbitrary-length RSA padding schemes. (English) Zbl 0966.94020

Okamoto, Tatsuaki (ed.), Advances in cryptology - ASIACRYPT 2000. 6th international conference on the Theory and application of cryptology and information security, Kyoto, Japan, December 3-7, 2000. Proceedings. Berlin: Springer. Lect. Notes Comput. Sci. 1976, 90-96 (2000).
Summary: A common practice for signing with RSA is to first apply a hash function or a redundancy function to the message, add some padding and exponentiate the resulting padded message using the decryption exponent. This is the basis of several existing standards. In this paper we show how to build a secure padding scheme for signing arbitrarily long messages with a secure padding scheme for fixed-size messages. This focuses more sharply the question of finding a secure encoding for RSA signature, by showing that the difficulty is not in handling messages of arbitrary length, but rather in finding a secure redundancy function for short messages, which remains an open problem.
For the entire collection see [Zbl 0952.00064].

MSC:

94A62 Authentication, digital signatures and secret sharing
94A60 Cryptography
PDFBibTeX XMLCite