On the Security of RSA-PSS in the Wild

Author: Saqib A. Kakvi

DOI: 10.1145/3338500.3360333

Keywords:

Abstract: The RSA Probabilistic Signature Scheme (RSA-PSS) due to Bellare and Rogaway (EUROCRYPT 1996) is a widely deployed signature scheme. In particular, it is a suggested replacement for the deterministic RSA Full Domain Hash (RSA-FDH) by Bellare and Rogaway (ACM CCS 1993) and for PKCS#1 v1.5 (RFC 2313), as it can provide stronger security guarantees. It has since been shown by Kakvi and Kiltz (EUROCRYPT 2012, Journal of Cryptology 2018) that RSA-FDH provides security similar to that of RSA-PSS, also in the case when RSA-PSS is not randomized. Recently, Jager, Kakvi and May showed that PKCS#1 v1.5 gives security comparable to both RSA-FDH and RSA-PSS. However, all these proofs consider each scheme in isolation, whereas in practice this is not the case. The most interesting example is TLS 1.3, where RSA-PSS is adopted but PKCS#1 v1.5 signatures are still included for reasons of backwards compatibility, meaning both schemes must be implemented. To save space, key material is shared between the two schemes, which means the aforementioned proofs no longer apply. We investigate this joint usage in the context of Sibling Signatures, which were introduced by Camenisch, Drijvers and Dubovitskaya (ACM CCS 2017). It must be noted that we consider the standardised version of RSA-PSS (IEEE Standard P1363-2000), which deviates from the original scheme considered in previous papers. We are able to show that this joint usage is indeed secure and achieves a security level that closely matches that of PKCS#1 v1.5, so that both schemes can be safely used, if the output lengths of the hash functions are chosen appropriately.

References (27)
Saqib A. Kakvi, Eike Kiltz. Optimal Security Proofs for Full Domain Hash, Revisited. Journal of Cryptology, vol. 31, pp. 276-306 (2018). doi:10.1007/s00145-017-9257-9
J.-S. Coron. On the Exact Security of Full Domain Hash. Lecture Notes in Computer Science, pp. 229-235 (2000).
John Kelsey, Shu-jen Chang, Ray Perlner. SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and ParallelHash. NIST Special Publication 800-185 (2016). doi:10.6028/NIST.SP.800-185
Jan Camenisch, Manu Drijvers, Maria Dubovitskaya. Practical UC-Secure Delegatable Credentials with Attributes and Their Application to Blockchain. ACM Conference on Computer and Communications Security, pp. 683-699 (2017). doi:10.1145/3133956.3134025
Alexander May, Tibor Jager, Saqib A. Kakvi. On the Security of the PKCS#1 v1.5 Signature Scheme. IACR Cryptology ePrint Archive, vol. 2018, p. 855 (2018).
Yannick Seurin. On the Lossiness of the Rabin Trapdoor Function. Public Key Cryptography, pp. 380-398 (2014). doi:10.1007/978-3-642-54631-0_22
Mark Lewko, Adam O’Neill, Adam Smith. Regularity of Lossy RSA on Subdomains and Its Applications. Theory and Application of Cryptographic Techniques, pp. 55-75 (2013). doi:10.1007/978-3-642-38348-9_4
Adam Smith, Ye Zhang. On the Regularity of Lossy RSA. Theory of Cryptography, pp. 609-628 (2015). doi:10.1007/978-3-662-46494-6_25
Mihir Bellare, Moti Yung. Certifying Cryptographic Tools: The Case of Trapdoor Permutations. International Cryptology Conference, pp. 442-460 (1992). doi:10.1007/3-540-48071-4_31
Daniel Bleichenbacher. Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1. International Cryptology Conference, pp. 1-12 (1998). doi:10.1007/BFb0055716