Weizmann Logo
ECCC
Electronic Colloquium on Computational Complexity

Under the auspices of the Computational Complexity Foundation (CCF)

Login | Register | Classic Style



REPORTS > DETAIL:

Revision(s):

Revision #1 to TR97-027 | 13th October 1997 00:00

On the Security of Server aided RSA protocols Revision of: TR97-027

RSS-Feed




Revision #1
Authors: Johannes Merkle, Ralph Werchner
Accepted on: 13th October 1997 00:00
Downloads: 3310
Keywords: 


Abstract:

In this paper we investigate the security of the server aided
RSA protocols
RSA-S1 and RSA-S1M proposed by Matsumoto, Kato and Imai resp.~Matsumoto,
Imai,
Laih and Yen. There a smart card wishes to calculate an RSA signature
and wants computational assistance from a untrusted powerful
server. We focus on generic attacks, that is, attacks that
do not exploit any special properties of the encoding of the group
elements.
The notion of generic attacks has been introduced by Shoup.
We prove lower bounds for the complexity of generic attacks on these two
protocols and show that the bounds are sharp by describing attacks that
almost
match our lower bounds. To the best of our knowledge these are the first
security proofs for efficient server aided RSA protocols.


Paper:

TR97-027 | 29th April 1997 00:00

On the Security of Server aided RSA protocols





TR97-027
Authors: Johannes Merkle, Ralph Werchner
Publication: 23rd June 1997 14:04
Downloads: 2056
Keywords: 


Abstract:

In this paper we investigate the security of the server aided
RSA protocols RSA-S1 and RSA-S1M proposed by Matsumoto, Kato and Imai
resp. Matsumoto, Imai, Laih and Yen. We prove lower bounds for the
complexity of attacks on these protocols and show that the bounds are
sharp by describing attacks that almost match our lower bounds. To the
best of our knowledge these are the first lower bounds for efficient
server aided RSA protocols.



ISSN 1433-8092 | Imprint