On the Security of RSA Screening
نویسندگان
چکیده
Since many applications require the verification of large sets of signatures, it is sometimes advantageous to perform a simultaneous verification instead of checking each signature individually. The simultaneous processing, called batching, must be provably equivalent to the sequential verification of all signatures. In eurocrypt’98, Bellare et al. [1] presented a fast RSA batch verification scheme, called screening. Here we successfully attack this algorithm by forcing it to accept a false signature and repair it by implementing an additional test.
منابع مشابه
Comparison of two Public Key Cryptosystems
Since the time public-key cryptography was introduced by Diffie andHellman in 1976, numerous public-key algorithms have been proposed. Some of thesealgorithms are insecure and the others that seem secure, many are impractical, eitherthey have too large keys or the cipher text they produce is much longer than theplaintext. This paper focuses on efficient implementation and analysis of two mostpo...
متن کاملQTRU: quaternionic version of the NTRU public-key cryptosystems
In this paper we will construct a lattice-based public-key cryptosystem using non-commutative quaternion algebra, and since its lattice does not fully fit within Circular and Convolutional Modular Lattice (CCML), we prove it is arguably more secure than the existing lattice-based cryptosystems such as NTRU. As in NTRU, the proposed public-key cryptosystem relies for its inherent securi...
متن کاملEconomic Appraisal of Urine Opiates Screening Test: A Study in Kerman, Iran
Background: Cost effectiveness, the ratio of relative costs of a program to its desired outcomes, is one of the basic issues in various screening programs performed to detect opium abuse. This study aimed to find the cost-effectiveness of opiates abuse screening through urine analysis. Methods: A total number of 64698 individuals were selected and divided into to five distinct groups based on t...
متن کاملDouble voter perceptible blind signature based electronic voting protocol
Mu et al. have proposed an electronic voting protocol and claimed that it protects anonymity of voters, detects double voting and authenticates eligible voters. It has been shown that it does not protect voter's privacy and prevent double voting. After that, several schemes have been presented to fulfill these properties. However, many of them suffer from the same weaknesses. In this p...
متن کاملUnprovable Security of RSA-OAEP in the Standard Model
Consider the provable security of RSA-OAEP when not instantiated with random oracles. Suppose a security reduction exists to show that finding a plaintext from a RSA-OAEP ciphertext (breaking the basic OW-CPA security) is as hard as the RSA problem. • The reduction can be used in an adaptive chosen ciphertext text (IND-CCA2) attack against RSA-OAEP. • The reduction cannot succeed in the random ...
متن کامل