On Fri, Jul 10, 2015 at 7:42 PM, Filip Paun paunfi...@gmail.com wrote:
Hello,
Thank you for your feedback. Please see my comments below.
On Fri, Jul 10, 2015 at 3:59 PM, Jonathan Katz jk...@cs.umd.edu wrote:
On Fri, Jul 10, 2015 at 4:15 PM, Filip Paun paunfi...@gmail.com wrote:
Suppose I
Hello,
Thank you for your feedback. Please see my comments below.
On Fri, Jul 10, 2015 at 3:59 PM, Jonathan Katz jk...@cs.umd.edu wrote:
On Fri, Jul 10, 2015 at 4:15 PM, Filip Paun paunfi...@gmail.com wrote:
Suppose I have a message M for which I generate an RSA-2048 digital
signature as
Suppose I have a message M for which I generate an RSA-2048 digital
signature as follows:
H = SHA-256(M)
S = H^d mod N
Assume N = p*q is properly generated and d is the RSA private key.
And I verify the signature as follows:
S^e mod N == H'
where H' is the SHA-256 of the message to be
This paper probably helps answering part of your question :
http://www.iacr.org/archive/crypto2000/18800229/18800229.pdf
Note that you can't replace a random oracle by SHA256 but you might have
better luck with HMAC-SHA256 (https://eprint.iacr.org/2013/382.pdf)
Suppose I have a message M for which I generate an RSA-2048 digital
signature as follows:
H = SHA-256(M)
S = H^d mod N
Assume N = p*q is properly generated and d is the RSA private key.
And I verify the signature as follows:
S^e mod N == H'
where H' is the SHA-256 of the
It is my understanding that, on a very basic level, using RSA without padding
allows computing “valid” signatures for new messages by combining two existing
signatures, because a^d * b^d == (a * b) ^ d
The use of sha256 in this case probably makes this task slightly more annoying,
but by no
On Fri, Jul 10, 2015 at 4:15 PM, Filip Paun paunfi...@gmail.com wrote:
Suppose I have a message M for which I generate an RSA-2048 digital
signature as follows:
H = SHA-256(M)
S = H^d mod N
Assume N = p*q is properly generated and d is the RSA private key.
And I verify the signature