Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Asymptotic semismoothness probabilities
Mathematics of Computation
Collision-free accumulators and fail-stop signature schemes without trees
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Secure hash-and-sign signatures without the random oracle
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Twin signatures: an alternative to the hash-and-sign paradigm
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Proceedings of the 2006 international conference on Wireless communications and mobile computing
A new signature scheme without random oracles
International Journal of Security and Networks
A Storage Efficient Redactable Signature in the Standard Model
ISC '09 Proceedings of the 12th International Conference on Information Security
Chosen-Ciphertext Secure RSA-Type Cryptosystems
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Twin Signature Schemes, Revisited
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Two birds one stone: signcryption using RSA
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Generic security-amplifying methods of ordinary digital signatures
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Online/offline signature schemes for devices with limited computing capabilities
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Off-line/on-line signatures: theoretical aspects and experimental results
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
(If) size matters: size-hiding private set intersection
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
How (Not) to design strong-RSA signatures
Designs, Codes and Cryptography
Tight proofs for signature schemes without random oracles
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
New online/offline signature schemes without random oracles
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
A generic construction of secure signatures without random oracles
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III
A practical and tightly secure signature scheme without hash function
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Cryptography and Security
Generic security-amplifying methods of ordinary digital signatures
Information Sciences: an International Journal
Hi-index | 0.00 |
We exhibit an attack against a signature scheme recently proposed by Gennaro, Halevi and Rabin [9]. The scheme's security is based on two assumptions namely the strong RSA assumption and the existence of a division-intractable hash-function. For the latter, the authors conjectured a security level exponential in the hash-function's digest size whereas our attack is sub-exponential with respect to the digest size. Moreover, since the new attack is optimal, the length of the hash function can now be rigorously fixed. In particular, to get a security level equivalent to 1024-bit RSA, one should use a digest size of approximately 1024 bits instead of the 512 bits suggested in [9].