International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Security Proofs for the RSA-PSS Signature Scheme and Its Variants

Authors:
Jakob Jonsson
Download:
URL: http://eprint.iacr.org/2001/053
Search ePrint
Search Google
Abstract: We analyze the security of different versions of the adapted RSA-PSS signature scheme, including schemes with variable salt lengths and message recovery. We also examine a variant with Rabin-Williams (RW) as the underlying verification primitive. Our conclusion is that the security of RSA-PSS and RW-PSS in the random oracle model can be tightly related to the hardness of inverting the underlying RSA and RW primitives, at least if the PSS salt length is reasonably large. Our security proofs are based on already existing work by Bellare and Rogaway and by Coron, who examined signature schemes based on the original PSS encoding method.
BibTeX
@misc{eprint-2001-11465,
  title={Security Proofs for the RSA-PSS Signature Scheme and Its Variants},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / digital signatures, factoring, public-key cryptography, RSA},
  url={http://eprint.iacr.org/2001/053},
  note={An extended abstract of this paper is published in the proceedings of the Second Open NESSIE Workshop, 12-13 September 2001. jjonsson@rsasecurity.com 11767 received 27 Jun 2001, last revised 21 Mar 2002},
  author={Jakob Jonsson},
  year=2001
}