Citations: the Security of Some Variants of the RSA Signature Scheme

13 citations found. Retrieving documents...

M. Michels, M. Stadler and H.-M. Sun, On the security of some variants of the RSA signature scheme, Computer security-esorics'98, Springer-Verlag, Lectures notes in computer science 1485, pp. 85-96, 1998.

Home/Search Document Details and Download Summary Related Articles Check

This paper is cited in the following contexts:

Protecting Secret Keys with Blind Computation Service - Kwon, Cho (2002) (Correct)

....be used as a blind computing function for the BCS service. In this paper, we use D. Chaum s blind signature scheme for blind computation [5] His scheme is based on RSA, which is most widely used among computers and information systems. But his scheme is vulnerable to the chosen message attack [8]. To overcome the chosen message attack, a new padding function P (m) which is defined as follows in Z n , is used [8] P (m) a 1 a with a 1 = h(m) and a i = h(a 1 i 1 ) 1 i#t and P (m) where denotes a bit concatenation and n denotes a bit length of an integer n. ....

....blind computation [5] His scheme is based on RSA, which is most widely used among computers and information systems. But his scheme is vulnerable to the chosen message attack [8] To overcome the chosen message attack, a new padding function P (m) which is defined as follows in Z n , is used [8]. P (m) a 1 a with a 1 = h(m) and a i = h(a 1 i 1 ) 1 i#t and P (m) where denotes a bit concatenation and n denotes a bit length of an integer n. h(m) denotes a one way hash function such as SHA 1 or MD5. So, the new signing function for a message m becomes # ....

Michels, M., Stadler, M., Sun, H--M.: On the Security of some Variants of the RSA Signature Scheme. European Symposium on Research in Computer Security -- ESORICS'98. Springer--Verlag, (1998) 85--96

The Power of RSA Inversion Oracles and the.. - Bellare.. (2001) (6 citations) (Correct)

....of valid message tag pairs that a forger can produce cannot exceed the number of executions of the blind signature protocol in which it engages with the signer. It is the unforgeability property that has been the open question about the RSA based blind signature scheme. Michels, Stadler and Sun [15] show that one can successfully obtain one more forgery if the hash function is poorly implemented. Here, we will assume that the hash function is a random oracle. The forger and signer both get an oracle for H. In that case, the signature scheme is the FDH scheme of [4] This scheme is proven ....

M. Michels, M. Stadler, and H. Sun. The security of some variants of the RSA signature scheme. In Y. Deswarte, editor, Computer Security { ESORICS ' 98, volume 1485 of Lecture Notes in Computer Science, pages 85-96. Springer-Verlag, Berlin Germany, 1998.

On the Security of RSA Padding - Coron, Naccache, Stern (1999) (15 citations) (Correct)

....RSA forgeries. Davida s observation [9] is the basis of most RSA forgery techniques. 16, 24] forge signatures that are similar to pkcs #1 v2.0 but do not produce their necessary SHA MD5 digests [31, 34] 15] analyzes the security of RSA signatures in an interactive context. Michels et al. [28] create relations between the exponents of de Jonge Chaum and Boyd s schemes; their technique extends to blind RSA but does not apply to any of the padding schemes attacked in this paper. Baudron and Stern [4] apply lattice reduction to analyze the security of RSA ffi in a security proof ....

M. Michels, M. Stadler and H.-M. Sun, On the security of some variants of the RSA signature scheme, Computer security-esorics'98, SpringerVerlag, Lectures notes in computer science 1485, pp. 85--96, 1998.

Secure Hash-and-Sign Signatures without the Random Oracle - Gennaro, Halevi, Rabin (1999) (95 citations) (Correct)

....message before applying the RSA function. Quite recently, Boyd suggested in [4] a scheme which is very similar to ours, except that the public base has a prime order, and the hash function is not division intractable. The latter difference proved to be a fatal one, when Michels et.al. showed in [17] how Shamir s method from [20] can be used to break Boyd s scheme. In the same work, Michels et.al. also demonstrated that the schemes from [15] can be broken when no hashing is done. 2 Preliminaries Before discussing our scheme, let us briefly present some notations and definitions which are ....

M. Michels, M. Stadler and H.-M. Sun. On the Security of Some Variants of the RSA Signature Scheme. Computer Security - ESORICS '98, LNCS vol. 1485, Springer-Verlag, 1998, pages 85--96.

Padding Attacks on RSA - David Naccache Gemplus (Correct)

The One-More-RSA-Inversion Problems and the.. - Bellare.. (2001) (10 citations) (Correct)

No context found.

M. Michels, M. Stadler, and H. Sun. The security of some variants of the RSA signature scheme. In Y. Deswarte, editor, Computer Security { ESORICS ' 98, volume 1485 of Lecture Notes in Computer Science, pages 85-96. Springer-Verlag, Berlin Germany, 1998.

On the Security of RSA Padding - Coron, Naccache, Stern (1999) (15 citations) (Correct)

Padding Attacks on RSA - Naccache (1999) (Correct)

On the Security of RSA Padding - Coron, Naccache, Stern (1999) (15 citations) (Correct)

Padding Attacks on RSA - Naccache (1999) (Correct)

On the Security of RSA Padding - Coron, Naccache, Stern (1999) (15 citations) (Correct)

Padding Attacks on RSA - Naccache (1999) (Correct)

No context found.

M. Michels, M. Stadler and H.-M. Sun, On the security of some variants of the RSA signature scheme, Computer security-esorics'98, Springer-Verlag, Lectures notes in computer science 1485, pp. 85--96, 1998.

Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback

CiteSeer.IST - Copyright Penn State and NEC