Selective forgery of RSA signatures with fixed-pattern padding

A.K. Lenstra, I.E. Shparlinski

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

2 Citations (Scopus)


We present a practical selective forgery attack against RSA signatures with fixed-pattern padding shorter than two thirds of the modulus length. Our result extends the practical existential forgery of such RSA signatures that was presented at Crypto 2001. For an n-bit modulus the heuristic asymptotic runtime of our forgery is comparable to the time required to factor a modulus of only 9/64n bits. Thus, the security provided by short fixed-pattern padding is negligible compared to the security it is supposed to provide.
Original languageEnglish
Title of host publicationPublic key cryptography : proceedings PKC 2002, Paris, France, February 12-14, 2002
EditorsD. Naccache, P. Paillier
Place of PublicationBerlin
ISBN (Print)3-540-43168-3
Publication statusPublished - 2002

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743


Dive into the research topics of 'Selective forgery of RSA signatures with fixed-pattern padding'. Together they form a unique fingerprint.

Cite this