
  • This session was presented on January 26, 2007.

Description

  • Speaker

    Pascal Paillier - Gemplus

We focus on two new number-theoretic problems of major importance for RSA and factoring-based cryptosystems. An RSA key generator Gen(1^k) = (n, e) is malleable when factoring n is easier when given access to a factoring oracle for other keys (n', e') != (n, e) output by Gen. Gen is instance-malleable when it is easier to extract e-th roots mod n given an e'-th root extractor mod n' for (n', e') != (n, e) output by Gen. Instance-non-malleable generators are of prime importance for practical RSA-based systems (RSA-PSS, RSA-OAEP, etc.) because their security can be shown not to be equivalent to RSA in the standard model, in contradiction with the random oracle heuristic. We investigate the malleability and instance-malleability of popular RSA key generators such as textbook RSA and low-exponent RSA and question the existence of non-trivial malleable RSA instances.

Next sessions

  • Polytopes in the Fiat-Shamir with Aborts Paradigm

    • November 29, 2024 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Hugo Beguinet - ENS Paris / Thales

    The Fiat-Shamir with Aborts paradigm (FSwA) uses rejection sampling to remove a secret’s dependency on a given source distribution. Recent results revealed that unlike the uniform distribution in the hypercube, both the continuous Gaussian and the uniform distribution within the hypersphere minimise the rejection rate and the size of the proof of knowledge. However, in practice both these[…]
    • Cryptography

    • Asymmetric primitive

    • Mode and protocol

  • Post-quantum Group-based Cryptography

    • December 20, 2024 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Delaram Kahrobaei - The City University of New York
