On Rabin-Type Signatures
Authors
Abstract
This paper specializes the signature forgery by Coron, Naccache and Stern (1999) to Rabin-type systems. We present a variation in which the adversary may derive the private keys and thereby forge the signature on any chosen message. Further, we demonstrate that, contrary to RSA, the use of larger (even) public exponents does not reduce the complexity of the forgery. Finally, we show that our technique is very general and applies to any Rabin-type system designed in a unique factorization domain, including Williams' M³ scheme (1986), the cubic schemes of Loxton et al. (1992) and of Scheidler (1998), and the cyclotomic schemes (1995).
Similar resources
Proving Tight Security for Standard Rabin-Williams Signatures
This paper discusses the security of the Rabin-Williams public-key signature system with a deterministic signing algorithm that computes “standard signatures.” The paper proves that any generic attack on standard Rabin-Williams signatures can be mechanically converted into a factorization algorithm with comparable speed and approximately the same effectiveness. “Comparable” and “approximately” a...
How to Compress Rabin Ciphertexts and Signatures (and More)
Ordinarily, RSA and Rabin ciphertexts and signatures are log N bits, where N is a composite modulus; here, we describe how to “compress” Rabin ciphertexts and signatures (among other things) down to about (2/3) log N bits, while maintaining a tight provable reduction from factoring in the random oracle model. The computational overhead of our compression algorithms is small. We also improve upo...
RSA-Based Undeniable Signatures for General Moduli
Gennaro, Krawczyk and Rabin gave the first undeniable signature scheme based on RSA signatures. However, their solution required the use of RSA moduli which are a product of safe primes. This paper gives techniques which allow RSA-based undeniable signatures for gen-
RSA signatures and Rabin–Williams signatures: the state of the art
State-of-the-art modular-root signature systems incorporate many useful features that were not present in the original RSA signature system. This paper surveys those features.
A Lightweight Scheme for Protecting AS-PATH Attributes of Update Messages
In existing schemes for protecting AS-PATH attributes of update messages, the security of S-BGP and BGPSEC has received wide acceptance. Yet, in S-BGP or BGPSEC, the number of signatures in a route attestation is linear in the length of AS-PATH, which is one of the major hurdles to deployment in the real world and thus is an important and urgent problem. Existing schemes for solving this problem red...