|
|
(One intermediate revision by one other user not shown) |
Line 1: |
Line 1: |
| In [[cryptography]], the '''Full Domain Hash (FDH)''' is an [[RSA (algorithm)|RSA]]-based [[digital signature|signature]] scheme that follows the ''hash-and-sign'' paradigm. It is [[provable security|provably secure]] (i.e., is [[existential forgery|existentially unforgeable]] under [[adaptive chosen-message attack]]s) in the [[random oracle model]]. FDH involves hashing a message using a function whose image size equals the size of the RSA modulus, and then raising the result to the secret RSA exponent.
| | Andera is what you can call her but she never truly liked that title. To play lacross is something he would by no means give up. Office supervising is exactly where my main income comes from but I've usually needed my own business. I've usually loved residing in Alaska.<br><br>Here is my homepage - [http://kard.dk/?p=24252 online psychic reading] |
| | |
| ==Exact security of full domain hash==
| |
| | |
| In the random oracle model, if RSA is <math>(t',\epsilon')</math>-secure, then the full domain hash RSA signature scheme is <math>(t,\epsilon)</math>-secure where, <math>t=t'-(q_{hash}+q_{sig}+1) \cdot \mathcal{O}(k^3)</math> and
| |
| <math>\epsilon = \left(1+\frac{1}{q_{sig}}\right)^{q_{sig}+1} \cdot q_{sig} \cdot \epsilon'</math>.
| |
| | |
| For large <math>q_{sig}</math> this boils down to <math>\epsilon \sim exp(1)\cdot q_{sig} \cdot \epsilon'</math>.
| |
| | |
| This means that if there exists an algorithm that can forge a new FDH signature that runs in time ''t'', computes at most <math>q_{hash}</math> hashes, asks for at most <math>q_{sig}</math> signatures and succeeds with probability <math>\epsilon</math>, then there must also exist an algorithm that breaks RSA with probability <math>\epsilon'</math> in time <math>t'</math>.
| |
| | |
| ==References==
| |
| | |
| * Jean-Sébastien Coron(AF): On the Exact Security of Full Domain Hash. [[CRYPTO]] 2000: pp229–235 [http://www.iacr.org/archive/crypto2000/18800229/18800229.pdf (PDF)]
| |
| | |
| * [[Mihir Bellare]], [[Phillip Rogaway]]: The Exact Security of Digital Signatures - How to Sign with RSA and Rabin. [[EUROCRYPT]] 1996: pp399–416 [http://www.cs.ucdavis.edu/~rogaway/papers/exact.pdf (PDF)]
| |
| | |
| [[Category:Digital signature schemes]]
| |
| [[Category:Theory of cryptography]]
| |
| | |
| | |
| {{crypto-stub}}
| |
Latest revision as of 07:12, 15 October 2014
Andera is what you can call her but she never truly liked that title. To play lacross is something he would by no means give up. Office supervising is exactly where my main income comes from but I've usually needed my own business. I've usually loved residing in Alaska.
Here is my homepage - online psychic reading