It is well known that RSA signatures such as FDH, PSS or PSS-R are as secure as RSA is hard to invert in the random oracle (RO) model. Such proofs, however, have never been discovered in the standard model. This paper provides an explanation of this gap by pointing out a strong impossibility of equivalence between inverting RSA and any form of unforgeability for a wide class of RSA signatures. In particular, our impossibility results explicitly assume that the public key is made of a single RSA instance, that hash functions involved in the signature padding are unkeyed, and that key generation fulfils a natural property which we call instance-non-malleability. Beyond showing that any RSA-based signature scheme of that type black-box separates the RO model from the standard model in a strong sense, our work leaves the real-life security of well-known signatures in a state of uncertainty.