RSA/rabin bits are 1/2 + 1/poly(log N) secure

Werner Alcxi, Benny Chor, Oded Goldreich, Claus P. Sehnorr

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

We prove that RSA least significant bit is 1/2 + 1/logcN secure, for any constant c (where N is the RSA modulus). This means that an adversary, given the ciphertext, cannot guess the least significant bit of the plaintext with probability better than 1/2+ 1/logcN unless he can break RSA. Our proof technique is strong enough to give, with slight modifications, the following related results: 1) The log log N least significant bits are simultaneously 1/2 + 1/logcN secure. 2) The above also holds for Rabin's encryption function. Our results imply that Rabin/RSA encryption can be directly used for pseudo random bits generation, provided that factoring/inverting RSA is hard.

Original languageEnglish
Title of host publication25th Annual Symposium on Foundations of Computer Science, FOCS 1984
PublisherIEEE Computer Society
Pages449-457
Number of pages9
ISBN (Electronic)081860591X
StatePublished - 1984
Externally publishedYes
Event25th Annual Symposium on Foundations of Computer Science, FOCS 1984 - Singer Island, United States
Duration: 24 Oct 198426 Oct 1984

Publication series

NameProceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS
Volume1984-October
ISSN (Print)0272-5428

Conference

Conference25th Annual Symposium on Foundations of Computer Science, FOCS 1984
Country/TerritoryUnited States
CitySinger Island
Period24/10/8426/10/84

Fingerprint

Dive into the research topics of 'RSA/rabin bits are 1/2 + 1/poly(log N) secure'. Together they form a unique fingerprint.

Cite this