Stronger Security Proofs for RSA and Rabin Bits

• Published in: Journal of cryptology Vol. 13; no. 2; pp. 221 - 244
• Main Authors: Fischlin, R., Schnorr, C. P.
• Format: Journal Article
• Language: English
• Published: New York, NY Springer 01.03.2000; Springer Nature B.V
• Subjects: Algorithms; Applied sciences; Cryptography; Encryption; Exact sciences and technology; Information, signal and communications theory; Mathematical analysis; Polynomials; Random numbers; Security; Signal and communications theory; Statistical analysis; Telecommunications and information theory; Probabilistic approach; Pseudorandom number; Conditional probability; Algorithm; Polynomial time; Public key; Linear transformation; Approximation error; Cryptography; Oracle; Computing method; Random number generation; Number theory; Security key
• ISSN: 0933-2790; 1432-1378; 1432-1378
• DOI: 10.1007/s001459910008

The RSA and Rabin encryption functions are respectively defined as EN(x) = xe mod N and EN(x) = x2 mod N , where N is a product of two large random primes p , q and e is relatively prime to φ (N) . We present a simpler and tighter proof of the result of Alexi et al. [ACGS] that the following problems are equivalent by probabilistic polynomial time reductions: (1) given EN(x) find x; (2) given EN(x) predict the least-significant bit of x with success probability 1/2 + 1/poly(n) , where N has n bits. The new proof consists of a more efficient algorithm for inverting the RSA/ Rabin function with the help of an oracle that predicts the least-significant bit of x . It yields provable security guarantees for RSA message bits and for the RSA random number generator for modules N of practical size.