Selective forgery of rsa signatures with fixed-pattern padding

Arjen K. Lenstra, Igor E. Shparlinski

Research output: Chapter in Book/Report/Conference proceedingChapter

2 Citations (Scopus)

Abstract

We present a practical selective forgery attack against RSA signatures with fixed-pattern padding shorter than two thirds of the modulus length. Our result extends the practical existential forgery of such RSA signatures that was presented at Crypto 2001. For an n-bit modulus the heuristic asymptotic runtime of our forgery is comparable to the time required to factor a modulus of only 9/64 n bits. Thus, the security provided by short fixed-pattern padding is negligible compared to the security it is supposed to provide.

Original languageEnglish
Title of host publicationPublic Key Cryptography
Subtitle of host publication5th International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2002 Paris, France, February 12–14, 2002 Proceedings
EditorsDavid Naccache, Pascal Paillier
Place of PublicationBerlin
PublisherSpringer, Springer Nature
Pages228-236
Number of pages9
Volume2274
ISBN (Print)3540431683, 9783540431688
DOIs
Publication statusPublished - 2002
Event5th International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2002 - Paris, France
Duration: 12 Feb 200214 Feb 2002

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume2274
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other5th International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2002
CountryFrance
CityParis
Period12/02/0214/02/02

Fingerprint Dive into the research topics of 'Selective forgery of rsa signatures with fixed-pattern padding'. Together they form a unique fingerprint.

Cite this