Topic
RSA problem
About: RSA problem is a research topic. Over the lifetime, 173 publications have been published within this topic receiving 24467 citations.
Papers published on a yearly basis
Papers
More filters
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intented recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret primer numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1(mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.
14,659 citations
IBM1
TL;DR: It is argued that the random oracles model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security.
Abstract: We argue that the random oracle model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol PR for the random oracle model, and then replacing oracle accesses by the computation of an “appropriately chosen” function h. This paradigm yields protocols much more efficient than standard ones while retaining many of the advantages of provable security. We illustrate these gains for problems including encryption, signatures, and zero-knowledge proofs.
5,313 citations
IBM1
TL;DR: The RSA threshold signature scheme presented in this article is robust and unforgeable in the random oracle model, assuming the RSA problem is hard, and the signature share generation and verification is completely non-interactive.
Abstract: We present an RSA threshold signature scheme. The scheme enjoys the following properties: 1. it is unforgeable and robust in the random oracle model, assuming the RSA problem is hard; 2. signature share generation and verification is completely non-interactive; 3. the size of an individual signature share is bounded by a constant times the size of the RSA modulus.
921 citations
Journal Article•
TL;DR: In this paper, a bit commitment scheme, BC(.), and efficient statistical zero knowledge (SZK) protocols are proposed, in which, for any given multi-variable polynomial f(X 1,...,X t ) and any given modulus n, prover P gives (I 1,..,I t ) to verifier V and can convince V that P knows (x 1,...,x t ) satisfying f(x 1,...x t ), 0 (mod n) and I i = BC(x i ), (i = 1
Abstract: This paper proposes a bit commitment scheme, BC(.), and efficient statistical zero knowledge (in short, SZK) protocols in which, for any given multi-variable polynomial f(X 1 ,...,X t ) and any given modulus n, prover P gives (I 1 ,...,I t ) to verifier V and can convince V that P knows (x 1 ,...,x t ) satisfying f(x 1 ,...x t )? 0 (mod n) and I i = BC(x i ), (i = 1,.., t). The proposed protocols are O(|n|) times more efficient than the corresponding previous ones [Dam93, Dam95, Oka95]. The (knowledge) soundness of our protocols holds under a computational assumption, the intractability of a modified RSA problem (see Def.3), while the (statistical) zero-knowledgeness of the protocols needs no computational assumption. The protocols can be employed to construct various practical cryptographic protocols, such as fair exchange, untraceable electronic cash and verifiable secret sharing protocols.
431 citations
TL;DR: This letter formulate RSA as an Integer Linear Programming (ILP) problem and propose an effective heuristic to be used if the solution of ILP is not attainable.
Abstract: A spectrum-sliced elastic optical path network (SLICE) architecture has been recently proposed as an efficient solution for a flexible bandwidth allocation in optical networks In SLICE, the problem of Routing and Spectrum Assignment (RSA) emerges In this letter, we both formulate RSA as an Integer Linear Programming (ILP) problem and propose an effective heuristic to be used if the solution of ILP is not attainable
317 citations