The one-more-RSA-inversion problems and the security of Chaum's blind signature scheme (Q1402372): Difference between revisions
From MaRDI portal
Changed an Item |
Normalize DOI. |
||
(4 intermediate revisions by 3 users not shown) | |||
Property / DOI | |||
Property / DOI: 10.1007/s00145-002-0120-1 / rank | |||
Property / MaRDI profile type | |||
Property / MaRDI profile type: MaRDI publication profile / rank | |||
Normal rank | |||
Property / full work available at URL | |||
Property / full work available at URL: https://doi.org/10.1007/s00145-002-0120-1 / rank | |||
Normal rank | |||
Property / OpenAlex ID | |||
Property / OpenAlex ID: W2054482077 / rank | |||
Normal rank | |||
Property / Wikidata QID | |||
Property / Wikidata QID: Q56921345 / rank | |||
Normal rank | |||
Property / DBLP publication ID | |||
Property / DBLP publication ID: journals/joc/BellareNPS03 / rank | |||
Normal rank | |||
Property / DOI | |||
Property / DOI: 10.1007/S00145-002-0120-1 / rank | |||
Normal rank |
Latest revision as of 19:28, 10 December 2024
scientific article
Language | Label | Description | Also known as |
---|---|---|---|
English | The one-more-RSA-inversion problems and the security of Chaum's blind signature scheme |
scientific article |
Statements
The one-more-RSA-inversion problems and the security of Chaum's blind signature scheme (English)
0 references
27 August 2003
0 references
A new useful class of computational problems for public-key cryptology is introduced and studied. There are two well-known functions which are associated with RSA public key protocol \(\text{RSA}_{N,e}(x)= x^e\bmod N\) and \(\text{RSA}^{-1}_{N,e}(y)= y^d\bmod N\), where \(x\), \(y\) are natural integers, \(e\) is an encryption parameter, \(d\) is a decryption parameter, \(ed\equiv 1\bmod \varphi(N)\). The function \(\text{RSA}^{-1}\) is called RSA-inverse. The adversary has access to an oracle for the inverse RSA function in a given target point \(y\). The oracle returns \(y^d\text{\,mod\,}N\) without revealing the integer \(d\). The problems are as follows. In the known-target inversion problem, the adversary, to win, must output the inverses of all given target points, using a number of decryption oracle queries that is one fewer than the number of target points. In the chosen-target inversion problem, the adversary can choose to invert any number of target points and wins as long as the number of decryption oracle queries that it makes is strictly fewer than the number of target points it correctly inverts. The main result is that these two problems have polynomially equivalent complexity. It is shown how this leads to a proof of security for Chaum's RSA-based blind signature scheme. Analogous results are proved for ``one-more-discrete-logarithm'' problems.
0 references
Blind digital signature schemes
0 references
Digital cash
0 references
RSA
0 references