Selective forgery of RSA signatures with fixed-pattern padding

Arjen Lenstra
2002
Conference paper

Abstract

We present a practical selective forgery attack against RSA signatures with fixed-pattern padding shorter than two thirds of the modulus length. Our result extends the practical existential forgery of such RSA signatures (Brier et al., 2001). For an n-bit modulus the heuristic asymptotic runtime of our forgery is comparable to the time required to factor a modulus of only 9/64 n bits. Thus, the security provided by short fixed-pattern padding is negligible compared to the security it is supposed to provide

Official source

https://infoscience.epfl.ch/record/149709?ln=en

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related concepts (23)

Related publications (32)

Selective forgery of RSA signatures with fixed-pattern padding

Stiff, Strong, Tough, and Highly Stretchable Hydrogels Based on Dual Stimuli-Responsive Semicrystalline Poly(urethane–urea) Copolymers

Computational micromechanics of porous brittle solids

Stiff, Strong, Tough, and Highly Stretchable Hydrogels Based on Dual Stimuli-Responsive Semicrystalline Poly(urethane–urea) Copolymers

Computational micromechanics of porous brittle solids