To sign with RSA, one usually encodes the message m as μ(m) and then raises the result to the private exponent modulo N. In Asiacrypt 2000, Coron et al. showed how to build a secure RSA encoding scheme μ′(m) for signing arbitrarily long messages from a secure encoding scheme μ(m) capable of handling only fixed-size messages, without making any additional assumptions. However, their construction required that the input size of μ be larger than the modulus size. In this paper we present a construction for which the input size of μ, does not have to be larger than N. Our construction shows that the difficulty in building a secure encoding for RSA signatures is not in handling messages of arbitrary length, but rather in finding a secure encoding function for short messages, which remains an open problem in the standard model. © International Association for Cryptologic Research 2005.
CITATION STYLE
Cathalo, J., Coron, J. S., & Naccache, D. (2005). From fixed-length to arbitrary-length RSA encoding schemes revisited. In Lecture Notes in Computer Science (Vol. 3386, pp. 234–243). Springer Verlag. https://doi.org/10.1007/978-3-540-30580-4_16
Mendeley helps you to discover research relevant for your work.