A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
On the Security of RSA Padding
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
On the Exact Security of Full Domain Hash
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Threshold Cryptosystems Based on Factoring
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Black-box reductions and separations in cryptography
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Why “fiat-shamir for proofs” lacks a proof
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
| Hi-index | 0.00 |
We study the security of partial-domain hash signature schemes, in which the output size of the hash function is only a fraction of the modulus size. We show that for e = 2 (Rabin), partial-domain hash signature schemes are provably secure in the random oracle model, if the output size of the hash function is larger than 2/3 of the modulus size. This provides a security proof for a variant of the signature standards ISO 9796-2 and PKCS#1 v1.5, in which a larger digest size is used.