Cryptology ePrint Archive: Report 2001/053
Security Proofs for the RSA-PSS Signature Scheme and Its Variants
Jakob Jonsson
Abstract: We analyze the security of different versions of the adapted
RSA-PSS signature scheme, including schemes with variable salt
lengths and message recovery. We also examine a variant with
Rabin-Williams (RW) as the underlying verification primitive.
Our conclusion is that the security of RSA-PSS and RW-PSS in
the random oracle model can be tightly related to the hardness
of inverting the underlying RSA and RW primitives, at least if
the PSS salt length is reasonably large. Our security proofs
are based on already existing work by Bellare and Rogaway
and by Coron, who examined signature schemes based on the
original PSS encoding method.
Category / Keywords: public-key cryptography / digital signatures, factoring, public-key cryptography, RSA
Publication Info: The paper is not published elsewhere.
Date: , last revised 3 Jul 2001
Contact author: jjonsson at rsasecurity com
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Version: 20010703:153432 (All versions of this report)
Short URL: ia.cr/2001/053
[ Cryptology ePrint archive ]