Sommaire

  • Cet exposé a été présenté le 26 janvier 2007.

Description

  • Orateur

    Pascal Paillier - Gemplus

We focus on two new number-theoretic problems of major importance for RSA and factoring-based cryptosystems. An RSA key generator Gen(1^k) = (n, e) is malleable when factoring n is easier when given access to a factoring oracle for other keys (n', e')!= (n, e) output by Gen. Gen is instance-malleable when it is easier to extract e-th roots mod n given an e'-th root extractor mod n' for (n', e') != (n , e) output by Gen. Instance-non-malleable generators are of prime importance for practical RSA-based systems (RSA-PSS, RSA-OAEP, etc) because their security can be shown not to be equivalent to RSA in the standard model, in contradiction with the random oracle heuristic. We investigate the malleability and instance-malleability of popular RSA key generators such as textbook RSA and low-exponent RSA and question the existence of non-trivial malleable RSA instances.

Prochains exposés

  • CryptoVerif: a computationally-sound security protocol verifier

    • 05 septembre 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Bruno Blanchet - Inria

    CryptoVerif is a security protocol verifier sound in the computational model of cryptography. It produces proofs by sequences of games, like those done manually by cryptographers. It has an automatic proof strategy and can also be guided by the user. It provides a generic method for specifying security assumptions on many cryptographic primitives, and can prove secrecy, authentication, and[…]

    • Cryptography

Voir les exposés passés
Haut de page