From Fixed-Length to Arbitrary-Length RSA Padding Schemes

Authors:
Jean-Sébastien Coron;François Koeune;David Naccache
Affiliations:
-;-;-
Venue:
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Year:
2000

Citing 6
Cited 3

A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
Random oracles are practical: a paradigm for designing efficient protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The random oracle methodology, revisited (preliminary version)

STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
How (not) to Design RSA Signature Schemes

PKC '98 Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
The exact security of digital signatures-how to sign with RSA and Rabin

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques

From Fixed-Length Messages to Arbitrary-Length Messages Practical RSA Signature Padding Schemes

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Comparing with RSA

Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
From fixed-length to arbitrary-length RSA encoding schemes revisited

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

A common practice for signing with RSA is to first apply a hash function or a redundancy function to the message, add some padding and exponentiate the resulting padded message using the decryption exponent. This is the basis of several existing standards. In this paper we show how to build a secure padding scheme for signing arbitrarily long messages with a secure padding scheme for fixed-size messages. This focuses more sharply the question of finding a secure encoding for RSA signatures, by showing that the difficulty is not in handling messages of arbitrary length, but rather in finding a secure redundancy function for short messages, which remains an open problem.