{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,13]],"date-time":"2025-05-13T02:43:05Z","timestamp":1747104185831},"publisher-location":"Berlin, Heidelberg","reference-count":37,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540663478"},{"type":"electronic","value":"9783540484059"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[1999]]},"DOI":"10.1007\/3-540-48405-1_1","type":"book-chapter","created":{"date-parts":[[2007,5,1]],"date-time":"2007-05-01T06:24:36Z","timestamp":1178000676000},"page":"1-18","source":"Crossref","is-referenced-by-count":23,"title":["On the Security of RSA Padding"],"prefix":"10.1007","author":[{"given":"Jean-S\u00e9bastien","family":"Coron","sequence":"first","affiliation":[]},{"given":"David","family":"Naccache","sequence":"additional","affiliation":[]},{"given":"Julien P.","family":"Stern","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[1999,12,16]]},"reference":[{"key":"1_CR1","doi-asserted-by":"crossref","unstructured":"L. Adleman, A subexponential algorithm for the discrete logarithm problem with applications to cryptography, Proceedings of the IEEE 20-th Annual symposium on the foundations of computer science, pp. 55\u201360, 1979.","DOI":"10.1109\/SFCS.1979.2"},{"key":"1_CR2","unstructured":"ANSI X9.31, Digital signatures using reversible public-key cryptography for the financial services industry (rDSA), 1998."},{"issue":"216","key":"1_CR3","doi-asserted-by":"publisher","first-page":"1701","DOI":"10.1090\/S0025-5718-96-00775-2","volume":"65","author":"E. Bach","year":"1996","unstructured":"E. Bach and R. Peralta, Asymptotic semismoothness probabilities, Mathematics of computation, vol. 65, no. 216, pp. 1701\u20131715, 1996.","journal-title":"Mathematics of computation"},{"key":"1_CR4","unstructured":"O. Baudron and J. Stern, To pad or not to pad: does formatting degrade security?, 1999 RSA Data Security Conference proceeding book, 1999."},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"M. Bellare and P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, Proceedings of the first annual conference on computer and communication security, acm, 1993.","DOI":"10.1145\/168588.168596"},{"key":"1_CR6","doi-asserted-by":"crossref","unstructured":"M. Bellare and P. Rogaway, The exact security of digital signatures: how to sign with RSA and Rabin, Advances in cryptology eurocrypt\u201996, Springer-Verlag, Lectures notes in computer science 1070, pp. 399\u2013416, 1996.","DOI":"10.1007\/3-540-68339-9_34"},{"key":"1_CR7","first-page":"176","volume":"20","author":"R. Brent","year":"1980","unstructured":"R. Brent, An improved Monte Carlo factorization algorithm, Nordisk Tidskrift for Informationsbehandling (bit) vol. 20, pp. 176\u2013184, 1980.","journal-title":"Nordisk Tidskrift for Informationsbehandling"},{"key":"1_CR8","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1016\/S1385-7258(51)50008-2","volume":"13","author":"N. Bruijn de","year":"1951","unstructured":"N. de Bruijn, On the number of positive integers \u2264 x and free of prime factors \u2265 y, Indagationes Mathematicae, vol. 13, pp. 50\u201360, 1951. (cf. as well to part II, vol. 28, pp. 236-247, 1966.).","journal-title":"Indagationes Mathematicae"},{"key":"1_CR9","volume-title":"Chosen signature cryptanalysis of the RSA (MIT) public-key cryptosystem","author":"G. Davida","year":"1982","unstructured":"G. Davida, Chosen signature cryptanalysis of the RSA (MIT) public-key cryptosystem, TR-CS-82-2, Department of electrical engineering and computer science, University of Wisconsin, Milwaukee, 1982."},{"key":"1_CR10","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1145\/358027.358052","volume":"27-4","author":"D. Denning","year":"1984","unstructured":"D. Denning, Digital signatures with RSA and other public-key cryptosystems, Communications of the ACM, vol. 27-4, pp. 388\u2013392, 1984.","journal-title":"Communications of the ACM"},{"key":"1_CR11","doi-asserted-by":"crossref","unstructured":"Y. Desmedt and A. Odlyzko. A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes, Advances in cryptology crypto\u201985, Springer-Verlag, Lectures notes in computer science 218, pp. 516\u2013522, 1986.","DOI":"10.1007\/3-540-39799-X_40"},{"issue":"10","key":"1_CR12","first-page":"1","volume":"22A","author":"K. Dickman","year":"1930","unstructured":"K. Dickman, On the frequency of numbers containing prime factors of a certain relative magnitude, Arkiv for matematik, astronomi och fysik, vol. 22A, no. 10, pp. 1\u201314, 1930.","journal-title":"Arkiv for matematik, astronomi och fysik"},{"key":"1_CR13","unstructured":"DIN NI-17.4, Specification of chipcard interface with digital signature application\/function according to SigG and SigV, version 1.0, 1998."},{"issue":"153","key":"1_CR14","doi-asserted-by":"publisher","first-page":"255","DOI":"10.2307\/2007743","volume":"36","author":"J. Dixon","year":"1981","unstructured":"J. Dixon, Asymptotically fast factorization of integers, Mathematics of computation, vol. 36, no. 153, pp. 255\u2013260, 1981.","journal-title":"Mathematics of computation"},{"issue":"1","key":"1_CR15","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/BF00191320","volume":"5","author":"J. Evertse","year":"1992","unstructured":"J. Evertse and E. van Heyst, Which new RSA-signatures can be computed from certain given RSA signatures?, Journal of cryptology vol. 5, no. 1, 41\u201352, 1992.","journal-title":"Journal of cryptology"},{"key":"1_CR16","doi-asserted-by":"crossref","unstructured":"M. Girault, J.-F. Misarsky, Selective forgery of RSA signatures using redundancy, Advances in cryptology eurocrypt\u201997, Springer-Verlag, Lectures notes in computer science 1233, pp. 495\u2013507, 1997.","DOI":"10.1007\/3-540-69053-0_34"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"J. Gordon, How to forge RSA key certificates, Electronic Letters, vol. 21, no. 9, April 25-th, 1985.","DOI":"10.1049\/el:19850269"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"L. Guillou, J.-J. Quisquater, M. Walker, P. Landrock and C. Shaer, Precautions taken against various attacks in ISP\/IEC DIS 9796, Advances in cryptology eurocrypt\u201990, Springer-Verlag, Lectures notes in computer science 473, pp. 465\u2013473, 1991.","DOI":"10.1007\/3-540-46877-3_42"},{"issue":"21","key":"1_CR19","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1112\/plms\/s3-21.1.102","volume":"3","author":"H. Halberstam","year":"1970","unstructured":"H. Halberstam, On integers whose prime factors are small, Proceedings of the London mathematical society, vol. 3, no. 21, pp. 102\u2013107, 1970.","journal-title":"Proceedings of the London mathematical society"},{"key":"1_CR20","unstructured":"K. Hickman, The SSL Protocol, December 1995. Available electronically at: http:\/\/www.netscape.com\/newsref\/std\/ssl.html"},{"key":"1_CR21","unstructured":"ISO\/IEC 9796, Information technology-Security techniques-Digital signature scheme giving message recovery, Part 1: Mechanisms using redundancy, 1999."},{"key":"1_CR22","unstructured":"ISO\/IEC 9796-2, Information technology-Security techniques-Digital signature scheme giving message recovery, Part 2: Mechanisms using a hash-function, 1997."},{"key":"1_CR23","unstructured":"ISO\/IEC 10118-2, Information technology-Security techniques-Hashfunctions; Part 2: Hash functions using an n-bit block-cipher algorithm, 1994."},{"key":"1_CR24","doi-asserted-by":"crossref","unstructured":"W. de Jonge and D. Chaum. Attacks on some RSA signatures, Advances in cryptology crypto\u201985, Springer-Verlag, Lectures notes in computer science 218, pp. 18\u201327, 1986.","DOI":"10.1007\/3-540-39799-X_3"},{"key":"1_CR25","doi-asserted-by":"crossref","unstructured":"A. Lenstra, Generating RSA moduli with a predetermined portion, Advances in cryptology asiacrypt\u201998, Springer-Verlag, Lectures notes in computer science 1514, pp. 1\u201310, 1998.","DOI":"10.1007\/3-540-49649-1_1"},{"key":"1_CR26","unstructured":"A. Lenstra, de auditu, January 1999."},{"key":"1_CR27","unstructured":"A. Menezes, P. van Oorschot and S. Vanstone, Handbook of applied cryptography, crc Press."},{"key":"1_CR28","doi-asserted-by":"crossref","unstructured":"M. Michels, M. Stadler and H.-M. Sun, On the security of some variants of the RSA signature scheme, Computer securityesorics\u201998, Springer-Verlag, Lectures notes in computer science 1485, pp. 85\u201396, 1998.","DOI":"10.1007\/BFb0055857"},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"J.-F. Misarsky, A multiplicative attack using LLL algorithm on RSA signatures with redundancy, Advances in cryptology crypto\u201997, Springer-Verlag, Lectures notes in computer science 1294, pp. 221\u2013234, 1997.","DOI":"10.1007\/BFb0052238"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"J.-F. Misarsky, How (not) to design RSA signature schemes, Public-key cryptography, Springer-Verlag, Lectures notes in computer science 1431, pp. 14\u201328, 1998.","DOI":"10.1007\/BFb0054011"},{"key":"1_CR31","unstructured":"National Institute of Standards and Technology, Secure hash standard, FIPS publication 180-1, April 1994."},{"key":"1_CR32","doi-asserted-by":"crossref","unstructured":"J. Pollard, Factoring with cubic integers, The development of the number field sieve, Springer-Verlag, Lectures notes in computer science 1554, pp. 4\u201310, 1993.","DOI":"10.1007\/BFb0091536"},{"key":"1_CR33","doi-asserted-by":"crossref","unstructured":"C. Pomerance, The quadratic sieve factoring algorithm, Advances in cryptology eurocrypt\u201984, Springer-Verlag, Lectures notes in computer science 209, pp. 169\u2013182, 1985.","DOI":"10.1007\/3-540-39757-4_17"},{"key":"1_CR34","doi-asserted-by":"crossref","unstructured":"R. Rivest, RFC 1321: The MD5 message-digest algorithm, Internet activities board, April 1992.","DOI":"10.17487\/rfc1321"},{"key":"1_CR35","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21-2","author":"R. Rivest","year":"1978","unstructured":"R. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, vol. 21-2, pp. 120\u2013126, 1978.","journal-title":"Communications of the ACM"},{"key":"1_CR36","unstructured":"RSA Laboratories, pkcs #1: RSA cryptography specifications, version 2.0, September 1998."},{"key":"1_CR37","first-page":"726","volume":"26","author":"H. Williams","year":"1980","unstructured":"H. Williams, A modification of the RSA public key encryption procedure, IEEE TIT, vol. 26, pp. 726\u2013729, 1980.","journal-title":"IEEE TIT"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2014 CRYPTO\u2019 99"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-48405-1_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,4,27]],"date-time":"2019-04-27T12:35:36Z","timestamp":1556368536000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-48405-1_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[1999]]},"ISBN":["9783540663478","9783540484059"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/3-540-48405-1_1","relation":{},"ISSN":["0302-9743"],"issn-type":[{"type":"print","value":"0302-9743"}],"subject":[],"published":{"date-parts":[[1999]]}}}