Abstract
A common practice to encrypt with RSA is to first apply a padding scheme to the message and then to exponentiate the result with the public exponent; an example of this is OAEP. Similarly, the usual way of signing with RSA is to apply some padding scheme and then to exponentiate the result with the private exponent, as for example in PSS. Usually, the RSA modulus used for encrypting is different from the one used for signing. The goal of this paper is to simplify this common setting. First, we show that PSS can also be used for encryption, and gives an encryption scheme semantically secure against adaptive chosen-ciphertext attacks, in the random oracle model. As a result, PSS can be used indifferently for encryption or signature. Moreover, we show that PSS allows the same RSA key pairs to be used safely for both encryption and signature, in a concurrent manner. More generally, we show that, using PSS, the same set of keys can be used for both encryption and signature for any trapdoor partial-domain one-way permutation. The practical consequences of our result are important: PKIs and public-key implementations can be significantly simplified.
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Coron, JS., Joye, M., Naccache, D., Paillier, P. (2002). Universal Padding Schemes for RSA. In: Yung, M. (eds) Advances in Cryptology — CRYPTO 2002. CRYPTO 2002. Lecture Notes in Computer Science, vol 2442. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45708-9_15
DOI: https://doi.org/10.1007/3-540-45708-9_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44050-5
Online ISBN: 978-3-540-45708-4
eBook Packages: Springer Book Archive