[Busec] BUsec this week: Adam Smith (Wed 10am)
goldbe at cs.bu.edu
Mon Feb 3 20:59:55 EST 2014
At this week's seminar, Adam Smith will be talking about the security
assumptions behind RSA. We meet at the usual time (Wed 10am) and place
(MCS137) with lunch provided. See you then!
BUsec Calendar: http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec
How to get to BU from MIT: The CT2 bus or MIT's "Boston Daytime Shuttle"
Regularity of Lossy Exponentiation and Applications.
Adam Smith. Penn State.
Wed, February 5, 10am - 11:30am
We study of how ``lossiness'' of the RSA trapdoor permutation under the
$\Phi$-Hiding Assumption can be used to understand the security of
classical RSA-based cryptographic systems. Under Phi-hiding, several
questions or conjectures about the security of such systems can be reduced
to bounds on the regularity (the distribution of the primitive e-th roots
of unity mod N) of the ``lossy'' RSA map (the mape x -> x^e where e
Specifically, this is the case for: (i) showing that large consecutive runs
of the RSA input bits are simultaneously hardcore, (ii) showing the
widely-deployed PKCS #1 v1.5 encryption is semantically secure, (iii)
improving the security bounds of Kiltz et al. (2010) for RSA-OAEP.
We prove several results on the regularity of the lossy RSA map using both
classical techniques and recent estimates on Gauss sums over finite
subgroups, thereby obtaining new results in the above applications. Our
results deepen the connection between ``combinatorial'' properties of
exponentiation in Z_N and the security of RSA-based constructions.
This is based on joint work with Adam O'Neill and Mark Lewko that appeared
at Eurocrypt 2013.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Busec