Skip to main content
Conference ProceedingsOPEN ACCESS

Cryptanalysis of RSA signatures with fixed-pattern padding

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001) 2139 LNCS 433-439
DOI: 10.1007/3-540-44647-8_25
7Citations
Citations of this article
41Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

A fixed-pattern padding consists in concatenating to the message m a fixed pattern P. The RSA signature is then obtained by computing (P|m)d mod N where d is the private exponent and N the modulus. In Eurocrypt '97, Girault and Misarsky showed that the size of P must be at least half the size of N (in other words the parameter configurations |P| |N|/2. In this paper we show that the size of P must be at least two-thirds of the size of N, i.e. we show that |P| < 2|N|/3 is insecure. © Springer-Verlag Berlin Heidelberg 2001.

Author supplied keywords

Cite

CITATION STYLE

APA

Brier, E., Clavier, C., Coron, J. S., & Naccache, D. (2001). Cryptanalysis of RSA signatures with fixed-pattern padding. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2139 LNCS, pp. 433–439). Springer Verlag. https://doi.org/10.1007/3-540-44647-8_25

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free