On the Security of RSA Screening

13 years 11 months ago
On the Security of RSA Screening
Since many applications require the verification of large sets of signatures, it is sometimes advantageous to perform a simultaneous verification instead of checking each signature individually. The simultaneous processing, called batching, must be provably equivalent to the sequential verification of all signatures. In eurocrypt’98, Bellare et al. [1] presented a fast RSA batch verification scheme, called screening. Here we successfully attack this algorithm by forcing it to accept a false signature and repair it by implementing an additional test.
Jean-Sébastien Coron, David Naccache
Added 04 Aug 2010
Updated 04 Aug 2010
Type Conference
Year 1999
Where PKC
Authors Jean-Sébastien Coron, David Naccache
Comments (0)