We describe two encoding methods: EMSA-PSS, for signing with appendix, and EMSR-PSS, for signing with message recovery. These encodings are appropriate for signatures based on the RSA or Rabin/Williams primitive. The methods are as simple and efficient as the methods in the current P1363 draft (based on X9.31 and ISO 9796), but they have better demonstrated security. In particular, treating the underlying hash function as ideal, EMSA-PSS and EMSR-PSS give rise to provably secure schemes: the ability to forge implies the ability to invert the underlying trapdoor permutation. In fact, when the underlying primitive is RSA, the schemes are not only provably secure, but are so in a tight way: the ability to forge with a certain amount of computational resources implies the ability to invert RSA (on the same size modulus) with essentially the same computational resources.