Professional Documents
Culture Documents
Network Security
Seventh Edition, Global Edition
by William Stallings
It must
It must verify the It must be
authenticate the
author and the verifiable by third
contents at the
date and time of parties to resolve
time of the
the signature disputes
signature
•C chooses a list
Known of messages Directed chosen •C may request
message before message attack from A
attack attempting to signatures of
break A’s •Similar to the messages that
•C only signature depend on
knows A’s •C is given generic attack,
access to a scheme, except that the previously
public key independent of obtained
set of list of messages
messages A’s public key; C to be signed is message-
and their then obtains chosen after C signature pairs
Key-only signatures from A valid knows A’s public
attack signatures for key but before
the chosen any signatures
messages are seen
Adaptive
chosen
Generic chosen
message
message attack
attack
• Latest of the RSA schemes and the one that RSA Laboratories
recommends as the most secure of the RSA schemes
• For all schemes developed prior to PSS it has not been possible to
develop a mathematical proof that the signature scheme is as
secure as the underlying RSA encryption/decryption primitive