The one-more-RSA-inversion problems and the security of Chaum's blind signature scheme
Journal of Cryptology, 2003•Springer
We introduce a new class of computational problems which we call the``one-more-RSA-
inversion''problems. Our main result is that two problems in this class, which we call the
chosen-target and known-target inversion problems, respectively, have polynomially
equivalent computational complexity. We show how this leads to a proof of security for
Chaum's RSA-based blind signature scheme in the random oracle model based on the
assumed hardness of either of these problems. We define and prove analogous results …
inversion''problems. Our main result is that two problems in this class, which we call the
chosen-target and known-target inversion problems, respectively, have polynomially
equivalent computational complexity. We show how this leads to a proof of security for
Chaum's RSA-based blind signature scheme in the random oracle model based on the
assumed hardness of either of these problems. We define and prove analogous results …
Abstract
We introduce a new class of computational problems which we call the ``one-more-RSA-inversion'' problems. Our main result is that two problems in this class, which we call the chosen-target and known-target inversion problems, respectively, have polynomially equivalent computational complexity. We show how this leads to a proof of security for Chaum's RSA-based blind signature scheme in the random oracle model based on the assumed hardness of either of these problems. We define and prove analogous results for ``one-more-discrete-logarithm'' problems. Since the appearence of the preliminary version of this paper, the new problems we have introduced have found other uses as well.
Springer
以上显示的是最相近的搜索结果。 查看全部搜索结果