Security without identification: transaction systems to make big brother obsolete
Communications of the ACM
Digital signatures with RSA and other public-key cryptosystems
Communications of the ACM
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
| Hi-index | 0.00 |
Two simple redundancy schemes are shown to be inadequate in securing RSA signatures against attacks based on multiplicative properties. The schemes generalize the requirement that each valid message starts or ends with a fixed number of zero bits. Even though only messages with proper redundancy are signed, forgers are able to construct signatures on messages of their choice.