|
|
| Line 1: |
Line 1: |
| In [[cryptography]], the '''Full Domain Hash (FDH)''' is an [[RSA (algorithm)|RSA]]-based [[digital signature|signature]] scheme that follows the ''hash-and-sign'' paradigm. It is [[provable security|provably secure]] (i.e., is [[existential forgery|existentially unforgeable]] under [[adaptive chosen-message attack]]s) in the [[random oracle model]]. FDH involves hashing a message using a function whose image size equals the size of the RSA modulus, and then raising the result to the secret RSA exponent.
| | Hello. Allow me introduce the writer. Her title is Refugia Shryock. For years I've been working as a payroll clerk. To gather cash is a thing that I'm totally addicted to. North Dakota is her beginning place but she will have to move 1 working day or an additional.<br><br>Take a look at my web blog - [http://www.hotporn123.com/user/RWhiteman at home std testing] |
| | |
| ==Exact security of full domain hash==
| |
| | |
| In the random oracle model, if RSA is <math>(t',\epsilon')</math>-secure, then the full domain hash RSA signature scheme is <math>(t,\epsilon)</math>-secure where, <math>t=t'-(q_{hash}+q_{sig}+1) \cdot \mathcal{O}(k^3)</math> and
| |
| <math>\epsilon = \left(1+\frac{1}{q_{sig}}\right)^{q_{sig}+1} \cdot q_{sig} \cdot \epsilon'</math>.
| |
| | |
| For large <math>q_{sig}</math> this boils down to <math>\epsilon \sim exp(1)\cdot q_{sig} \cdot \epsilon'</math>.
| |
| | |
| This means that if there exists an algorithm that can forge a new FDH signature that runs in time ''t'', computes at most <math>q_{hash}</math> hashes, asks for at most <math>q_{sig}</math> signatures and succeeds with probability <math>\epsilon</math>, then there must also exist an algorithm that breaks RSA with probability <math>\epsilon'</math> in time <math>t'</math>.
| |
| | |
| ==References==
| |
| | |
| * Jean-Sébastien Coron(AF): On the Exact Security of Full Domain Hash. [[CRYPTO]] 2000: pp229–235 [http://www.iacr.org/archive/crypto2000/18800229/18800229.pdf (PDF)]
| |
| | |
| * [[Mihir Bellare]], [[Phillip Rogaway]]: The Exact Security of Digital Signatures - How to Sign with RSA and Rabin. [[EUROCRYPT]] 1996: pp399–416 [http://www.cs.ucdavis.edu/~rogaway/papers/exact.pdf (PDF)]
| |
| | |
| [[Category:Digital signature schemes]]
| |
| [[Category:Theory of cryptography]]
| |
| | |
| | |
| {{crypto-stub}}
| |
Revision as of 22:16, 6 February 2014
Hello. Allow me introduce the writer. Her title is Refugia Shryock. For years I've been working as a payroll clerk. To gather cash is a thing that I'm totally addicted to. North Dakota is her beginning place but she will have to move 1 working day or an additional.
Take a look at my web blog - at home std testing