A pseudo-random bit generator based on elliptic logarithms
Proceedings on Advances in cryptology---CRYPTO '86
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Pseudorandomness and Cryptographic Applications
Pseudorandomness and Cryptographic Applications
The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
The Decision Diffie-Hellman Problem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
On taking roots in finite fields
SFCS '77 Proceedings of the 18th Annual Symposium on Foundations of Computer Science
Finding a small root of a bivariate integer equation; factoring with high bits known
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Kleptography: using cryptography against cryptography
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Simple backdoors for RSA key generation
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On subliminal channels in deterministic signature schemes
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
A space efficient backdoor in RSA and its applications
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Space-efficient kleptography without random oracles
IH'07 Proceedings of the 9th international conference on Information hiding
Two-Head dragon protocol: preventing cloning of signature keys
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
| Hi-index | 0.00 |
We present the first (1,2)-SETUP algorithm for the RSA digital signature scheme with appendix. A SETUP algorithm C′ is an algorithmic modification of algorithm C that (1) contains an asymmetric backdoor that can only be used by the designer, even if the backdoor algorithm is fully public, and (2) ensures that the public outputs of C and C′ are computationally indistinguishable under black-box queries. The SETUP is presented in RSASSA-PSS and it transmits the RSA private key within two w.l.o.g consecutive digital signatures. This problem has been solved for DSA and other discrete-log based digital signature algorithms, but not RSA. We therefore solve a long-standing problem in kleptography.