How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
RSA-bits are 0.5 + &egr; secure
Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
How discreet is the discrete log?
STOC '83 Proceedings of the fifteenth annual ACM symposium on Theory of computing
On the cryptographic security of single RSA bits
STOC '83 Proceedings of the fifteenth annual ACM symposium on Theory of computing
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
Probabilistic encryption: theory and applications (partial information, factoring, pseudo random bit generation)
Why and how to establish a private code on a public network
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Algorithmic derandomization via complexity theory
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
A Secure Poker Protocol that Minimizes the Effect of Player Coalitions
CRYPTO '85 Advances in Cryptology
The security of all RSA and discrete log bits
Journal of the ACM (JACM)
Trading one-wayness against chosen-ciphertext security in factoring-based encryption
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Hi-index | 0.00 |
We prove that RSA least significant bit is 1/2 + 1/logc N secure, for any constant c (where N is the RSA modulus). This means that an adversary, given the ciphertext, cannot guess the least significant bit of the plaintext with probability better than 1/2 + 1/logc N unless he can break RSA.Our proof technique is strong enough to give, with slight modifications, the following related results: (1) The log log N least significant bits are simultaneously 1/2 + 1/logc N secure. (2) The above also holds for Rabin's encryption function.Our results imply that Rabin/RSA encryption can be directly used for pseudo random bits generation, provided that factoring/inverting RSA is hard.