Paper 2006/206

On the Provable Security of an Efficient RSA-Based Pseudorandom Generator

Ron Steinfeld, Josef Pieprzyk, and Huaxiong Wang

Abstract

Pseudorandom Generators (PRGs) based on the RSA inversion (one-wayness) problem have been extensively studied in the literature over the last 25 years. These generators have the attractive feature of provable pseudorandomness security assuming the hardness of the RSA inversion problem. However, despite extensive study, the most efficient provably secure RSA-based generators output asymptotically only at most bits per multiply modulo an RSA modulus of bitlength , and hence are too slow to be used in many practical applications. To bring theory closer to practice, we present a simple modification to the proof of security by Fischlin and Schnorr of an RSA-based PRG, which shows that one can obtain an RSA-based PRG which outputs bits per multiply and has provable pseudorandomness security assuming the hardness of a well-studied variant of the RSA inversion problem, where a constant fraction of the plaintext bits are given. Our result gives a positive answer to an open question posed by Gennaro (J. of Cryptology, 2005) regarding finding a PRG beating the rate bits per multiply at the cost of a reasonable assumption on RSA inversion.

Note: Several small corrections and additions have been made.

Metadata
Available format(s)
PDF PS
Publication info
Published elsewhere. To appear at Asiacrypt 2006.
Keywords
Pseudorandom generatorRSAprovable securitylattice attack
Contact author(s)
rons @ ics mq edu au
History
2006-09-21: last of 4 revisions
2006-06-21: received
See all versions
Short URL
https://ia.cr/2006/206
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2006/206,
      author = {Ron Steinfeld and Josef Pieprzyk and Huaxiong Wang},
      title = {On the Provable Security of an Efficient {RSA}-Based Pseudorandom Generator},
      howpublished = {Cryptology {ePrint} Archive, Paper 2006/206},
      year = {2006},
      url = {https://eprint.iacr.org/2006/206}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.