Random number generation and quasi-Monte Carlo methods
Random number generation and quasi-Monte Carlo methods
Cryptanalysis of RSA Signatures with Fixed-Pattern Padding
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Algorithms for Black-Box Fields and their Application to Cryptography (Extended Abstract)
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A Multiplicative Attack Using LLL Algorithm on RSA Signatures with Redundancy
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Selective forgery of RSA signatures using redundancy
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of countermeasures proposed for repairing ISO 9796-1
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
When e-th roots become easier than factoring
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
| Hi-index | 0.00 |
We present a practical selective forgery attack against RSA signatures with fixed-pattern padding shorter than two thirds of the modulus length. Our result extends the practical existential forgery of such RSA signatures that was presented at Crypto 2001. For an n-bit modulus the heuristic asymptotic runtime of our forgery is comparable to the time required to factor a modulus of only 9/64n bits. Thus, the security provided by short fixed-pattern padding is negligible compared to the security it is supposed to provide.