There is an attack against this type of RSA signature scheme, although
cannot remember just now if it requires that the verfication exponent be
small (ie. e=3).
The attack I am trying to recall is a chosen-message attack and its
efficiency is related to the probability that a random 128-bit

On 6/20/05, James Muir [EMAIL PROTECTED] wrote:
The attack I am trying to recall is a chosen-message attack and its
efficiency is related to the probability that a random 128-bit integer can
be factorized over a small set of primes (ie. the prob that a uniformily
selected 128-bit integer is

Taral wrote:
On 6/20/05, James Muir [EMAIL PROTECTED] wrote:
The attack I am trying to recall is a chosen-message attack and its
efficiency is related to the probability that a random 128-bit integer can
be factorized over a small set of primes (ie. the prob that a uniformily
selected 128-bit