RSA/RABIN BITS ARE 1/2 plus 1/POLY(LOG N) SECURE.

Werner Alexi*, Benny Chor, Oded Goldreich, Claus P. Schnorr

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

39 Scopus citations

Abstract

It is proved that RSA least significant bit is 1/2 plus 1/log**c N secure, for any constant c (where N is the RSA modulus). This means that an adversary, given the ciphertext, cannot guess the least significant bit of the plaintext with probability better than 1/2 plus 1/log**c N, unless he can break RSA. The following related results are also obtained: (1) the log log N least significant bits are simultaneously 1/2 plus 1/log**c N; and (2) the above also holds for Rabin's encryption function. The results imply that Rabin/RSA encryption can be directly used for pseudorandom bits generation, provided that factoring/inverting RSA is hard.

Original languageEnglish
Title of host publicationAnnual Symposium on Foundations of Computer Science (Proceedings)
PublisherIEEE
Pages449-457
Number of pages9
ISBN (Print)081860591X
StatePublished - 1984
Externally publishedYes

Publication series

NameAnnual Symposium on Foundations of Computer Science (Proceedings)
ISSN (Print)0272-5428

Fingerprint

Dive into the research topics of 'RSA/RABIN BITS ARE 1/2 plus 1/POLY(LOG N) SECURE.'. Together they form a unique fingerprint.

Cite this