Paper 2002/115
Universal Padding Schemes for RSA
Jean-Sébastien Coron, Marc Joye, David Naccache, and Pascal Paillier
Abstract
A common practice to encrypt with RSA is to first apply a padding scheme to the message and then to exponentiate the result with the public exponent; an example of this is OAEP. Similarly, the usual way of signing with RSA is to apply some padding scheme and then to exponentiate the result with the private exponent, as for example in PSS. Usually, the RSA modulus used for encrypting is different from the one used for signing. The goal of this paper is to simplify this common setting. First, we show that PSS can also be used for encryption, and gives an encryption scheme semantically secure against adaptive chosen-ciphertext attacks, in the random oracle model. As a result, PSS can be used indifferently for encryption or signature. Moreover, we show that PSS allows to safely use the same RSA key-pairs for both encryption and signature, in a concurrent manner. More generally, we show that using PSS the same set of keys can be used for both encryption and signature for any trapdoor partial-domain one-way permutation. The practical consequences of our result are important: PKIs and public-key implementations can be significantly simplified.
Metadata
- Available format(s)
- PS
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. Paper published at Crypto 2002
- Keywords
- Provable SecurityPSS
- Contact author(s)
- coron @ clipper ens fr
- History
- 2002-08-12: received
- Short URL
- https://ia.cr/2002/115
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2002/115, author = {Jean-Sébastien Coron and Marc Joye and David Naccache and Pascal Paillier}, title = {Universal Padding Schemes for {RSA}}, howpublished = {Cryptology {ePrint} Archive, Paper 2002/115}, year = {2002}, url = {https://eprint.iacr.org/2002/115} }