{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:26:47Z","timestamp":1750220807630,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,11,11]],"date-time":"2019-11-11T00:00:00Z","timestamp":1573430400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,11,11]]},"DOI":"10.1145\/3338500.3360333","type":"proceedings-article","created":{"date-parts":[[2019,11,7]],"date-time":"2019-11-07T19:43:22Z","timestamp":1573155802000},"page":"23-34","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["On the Security of RSA-PSS in the Wild"],"prefix":"10.1145","author":[{"given":"Saqib A.","family":"Kakvi","sequence":"first","affiliation":[{"name":"University of Wuppertal, Wuppertal, Germany"}]}],"member":"320","published-online":{"date-parts":[[2019,11,11]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"364","volume-title":"ACM CCS 2015: 22nd Conference on Computer and Communications Security","author":"Ateniese Giuseppe","year":"2015"},{"doi-asserted-by":"crossref","unstructured":"Christoph Bader Tibor Jager Yong Li and Sven Sch\u00e4ge . On the impossibility of tight cryptographic reductions. In Marc Fischlin and Jean-S\u00e9bastien Coron editors Advances in Cryptology -- EUROCRYPT 2016 Part II volume 9666 of Lecture Notes in Computer Science pages 273 -- 304 Vienna Austria May 8-12 2016. Springer Heidelberg Germany. Christoph Bader Tibor Jager Yong Li and Sven Sch\u00e4ge. On the impossibility of tight cryptographic reductions. In Marc Fischlin and Jean-S\u00e9bastien Coron editors Advances in Cryptology -- EUROCRYPT 2016 Part II volume 9666 of Lecture Notes in Computer Science pages 273--304 Vienna Austria May 8-12 2016. Springer Heidelberg Germany.","key":"e_1_3_2_1_2_1","DOI":"10.1007\/978-3-662-49896-5_10"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_3_1","DOI":"10.1145\/168588.168596"},{"doi-asserted-by":"crossref","unstructured":"Mihir Bellare and Phillip Rogaway . The exact security of digital signatures: How to sign with RSA and Rabin. In Ueli M. Maurer editor Advances in Cryptology --EUROCRYPT'96 volume 1070 of Lecture Notes in Computer Science pages 399 -- 416 Saragossa Spain May 12-16 1996 . Springer Heidelberg Germany. Mihir Bellare and Phillip Rogaway. The exact security of digital signatures: How to sign with RSA and Rabin. In Ueli M. Maurer editor Advances in Cryptology --EUROCRYPT'96 volume 1070 of Lecture Notes in Computer Science pages 399--416 Saragossa Spain May 12-16 1996. Springer Heidelberg Germany.","key":"e_1_3_2_1_4_1","DOI":"10.1007\/3-540-68339-9_34"},{"doi-asserted-by":"crossref","unstructured":"Mihir Bellare and Moti Yung . Certifying cryptographic tools: The case of trapdoorpermutations. In Ernest F. Brickell editor Advances in Cryptology -- CRYPTO'92 volume 740 of Lecture Notes in Computer Science pages 442 -- 460 Santa Barbara CA USA August 16-20 1993 . Springer Heidelberg Germany. Mihir Bellare and Moti Yung. Certifying cryptographic tools: The case of trapdoorpermutations. In Ernest F. Brickell editor Advances in Cryptology -- CRYPTO'92 volume 740 of Lecture Notes in Computer Science pages 442--460 Santa Barbara CA USA August 16-20 1993. Springer Heidelberg Germany.","key":"e_1_3_2_1_5_1","DOI":"10.1007\/3-540-48071-4_31"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_6_1","DOI":"10.1007\/BF00208000"},{"unstructured":"G. Bertoni J. Daemen M. Peeters and G. Van Assche. The keccak sha-3 submission. Submission to NIST (Round 3) 2011. G. Bertoni J. Daemen M. Peeters and G. Van Assche. The keccak sha-3 submission. Submission to NIST (Round 3) 2011.","key":"e_1_3_2_1_7_1"},{"doi-asserted-by":"crossref","unstructured":"Daniel Bleichenbacher . Chosen ciphertext attacks against protocols based onthe RSA encryption standard PKCS #1. In Hugo Krawczyk editor Advancesin Cryptology -- CRYPTO'98 volume 1462 of Lecture Notes in Computer Science pages 1 -- 12 Santa Barbara CA USA August 23-27 1998 . Springer Heidelberg Germany. Daniel Bleichenbacher. Chosen ciphertext attacks against protocols based onthe RSA encryption standard PKCS #1. In Hugo Krawczyk editor Advancesin Cryptology -- CRYPTO'98 volume 1462 of Lecture Notes in Computer Science pages 1--12 Santa Barbara CA USA August 23-27 1998. Springer Heidelberg Germany.","key":"e_1_3_2_1_8_1","DOI":"10.1007\/BFb0055716"},{"doi-asserted-by":"crossref","unstructured":"Christian Cachin Silvio Micali and Markus Stadler . Computationally private information retrieval with polylogarithmic communication. In Jacques Stern editor Advances in Cryptology -- EUROCRYPT'99 volume 1592 of Lecture Notes in Computer Science pages 402 -- 414 Prague Czech Republic May 2-6 1999 .Springer Heidelberg Germany . Christian Cachin Silvio Micali and Markus Stadler. Computationally private information retrieval with polylogarithmic communication. In Jacques Stern editor Advances in Cryptology -- EUROCRYPT'99 volume 1592 of Lecture Notes in Computer Science pages 402--414 Prague Czech Republic May 2-6 1999.Springer Heidelberg Germany.","key":"e_1_3_2_1_9_1","DOI":"10.1007\/3-540-48910-X_28"},{"key":"e_1_3_2_1_10_1","first-page":"683","volume-title":"Bhavani M. Thuraisingham","author":"Camenisch Jan","year":"2017"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_11_1","DOI":"10.1007\/s001459900030"},{"doi-asserted-by":"crossref","unstructured":"Jean-S\u00e9bastien Coron . On the exact security of full domain hash. In Mihir Bellare editor Advances in Cryptology -- CRYPTO 2000 volume 1880 of Lecture Notes in Computer Science pages 229 -- 235 Santa Barbara CA USA August 20-24 2000. Springer Heidelberg Germany. Jean-S\u00e9bastien Coron. On the exact security of full domain hash. In Mihir Bellare editor Advances in Cryptology -- CRYPTO 2000 volume 1880 of Lecture Notes in Computer Science pages 229--235 Santa Barbara CA USA August 20-24 2000. Springer Heidelberg Germany.","key":"e_1_3_2_1_12_1","DOI":"10.1007\/3-540-44598-6_14"},{"doi-asserted-by":"crossref","unstructured":"Jean-S\u00e9bastien Coron . Optimal security proofs for PSS and other signature schemes. In Lars R. Knudsen editor Advances in Cryptology -- EUROCRYPT 2002 volume 2332 of Lecture Notes in Computer Science pages 272 -- 287 Amsterdam The Netherlands April 28 - May 2 2002. Springer Heidelberg Germany. Jean-S\u00e9bastien Coron. Optimal security proofs for PSS and other signature schemes. In Lars R. Knudsen editor Advances in Cryptology -- EUROCRYPT 2002 volume 2332 of Lecture Notes in Computer Science pages 272--287 Amsterdam The Netherlands April 28 - May 2 2002. Springer Heidelberg Germany.","key":"e_1_3_2_1_13_1","DOI":"10.1007\/3-540-46035-7_18"},{"doi-asserted-by":"crossref","unstructured":"Jean Paul Degabriele Anja Lehmann Kenneth G. Paterson Nigel P. Smart and Mario Strefler. On the joint security of encryption and signature in EMV. In Orr Dunkelman editor Topics in Cryptology -- CT-RSA 2012 volume 7178 of Lecture Notes in Computer Science pages 116 -- 135 San Francisco CA USA February 27 - March 2 2012. Springer Heidelberg Germany. Jean Paul Degabriele Anja Lehmann Kenneth G. Paterson Nigel P. Smart and Mario Strefler. On the joint security of encryption and signature in EMV. In Orr Dunkelman editor Topics in Cryptology -- CT-RSA 2012 volume 7178 of Lecture Notes in Computer Science pages 116--135 San Francisco CA USA February 27 - March 2 2012. Springer Heidelberg Germany.","key":"e_1_3_2_1_14_1","DOI":"10.1007\/978-3-642-27954-6_8"},{"unstructured":"Stuart Haber and Benny Pinkas. Securely combining public-key crypto systems. In Michael K. Reiter and Pierangela Samarati editors ACM CCS 2001: 8th Conference on Computer and Communications Security pages 215--224 Philadelphia PA USA November 5-8 2001. ACM Press. Stuart Haber and Benny Pinkas. Securely combining public-key crypto systems. In Michael K. Reiter and Pierangela Samarati editors ACM CCS 2001: 8th Conference on Computer and Communications Security pages 215--224 Philadelphia PA USA November 5-8 2001. ACM Press.","key":"e_1_3_2_1_15_1"},{"key":"e_1_3_2_1_16_1","first-page":"1195","volume-title":"ACM CCS 2018: 25th Conference on Computer and Communications Security","author":"Jager Tibor","year":"2018"},{"doi-asserted-by":"crossref","unstructured":"Jakob Jonsson and Burt Kaliski. Public-Key Cryptography Standards (PKCS)#1: RSA Cryptography Specifications Version 2.1. RFC 3447 (Informational) February 2003. Obsoleted by [31]. Jakob Jonsson and Burt Kaliski. Public-Key Cryptography Standards (PKCS)#1: RSA Cryptography Specifications Version 2.1. RFC 3447 (Informational) February 2003. Obsoleted by [31].","key":"e_1_3_2_1_19_1","DOI":"10.17487\/rfc3447"},{"doi-asserted-by":"crossref","unstructured":"Saqib A. Kakvi and Eike Kiltz. Optimal security proofs for full domain hash revisited. In David Pointcheval and Thomas Johansson editors Advances in Cryptology -- EUROCRYPT 2012 volume 7237 of Lecture Notes in Computer Science pages 537 -- 553 Cambridge UK April 15--19 2012. Springer Heidelberg Germany. Saqib A. Kakvi and Eike Kiltz. Optimal security proofs for full domain hash revisited. In David Pointcheval and Thomas Johansson editors Advances in Cryptology -- EUROCRYPT 2012 volume 7237 of Lecture Notes in Computer Science pages 537--553 Cambridge UK April 15--19 2012. Springer Heidelberg Germany.","key":"e_1_3_2_1_20_1","DOI":"10.1007\/978-3-642-29011-4_32"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_21_1","DOI":"10.1007\/s00145-017-9257-9"},{"doi-asserted-by":"crossref","unstructured":"Saqib A. Kakvi Eike Kiltz and Alexander May . Certifying RSA. In Xiaoyun Wangand Kazue Sako editors Advances in Cryptology -- ASIACRYPT 2012 volume 7658 of Lecture Notes in Computer Science pages 404 -- 414 Beijing China December 2-6 2012. Springer Heidelberg Germany. Saqib A. Kakvi Eike Kiltz and Alexander May. Certifying RSA. In Xiaoyun Wangand Kazue Sako editors Advances in Cryptology -- ASIACRYPT 2012 volume 7658 of Lecture Notes in Computer Science pages 404--414 Beijing China December 2-6 2012. Springer Heidelberg Germany.","key":"e_1_3_2_1_22_1","DOI":"10.1007\/978-3-642-34961-4_25"},{"doi-asserted-by":"crossref","unstructured":"Burt Kaliski. PKCS #1: RSA Encryption Version 1.5. RFC 2313 (Informational) March 1998. Obsoleted by [24]. Burt Kaliski. PKCS #1: RSA Encryption Version 1.5. RFC 2313 (Informational) March 1998. Obsoleted by [24].","key":"e_1_3_2_1_23_1","DOI":"10.17487\/rfc2313"},{"doi-asserted-by":"crossref","unstructured":"Burt Kaliski and Jessica Staddon. PKCS #1: RSA Cryptography Specifications Version 2.0. RFC 2437 (Informational) October 1998. Obsoleted by [19]. Burt Kaliski and Jessica Staddon. PKCS #1: RSA Cryptography Specifications Version 2.0. RFC 2437 (Informational) October 1998. Obsoleted by [19].","key":"e_1_3_2_1_24_1","DOI":"10.17487\/rfc2437"},{"unstructured":"Burt Kaliski (ed.). IEEE standard specifications for public-key cryptography. IEEEStd 1363--2000 pages 1--228 Aug 2000. https:\/\/ieeexplore.ieee.org\/servlet\/opac?punumber=7168. Burt Kaliski (ed.). IEEE standard specifications for public-key cryptography. IEEEStd 1363--2000 pages 1--228 Aug 2000. https:\/\/ieeexplore.ieee.org\/servlet\/opac?punumber=7168.","key":"e_1_3_2_1_25_1"},{"volume-title":"National Institute of Standards and Technology","year":"2016","author":"Kelsey John","key":"e_1_3_2_1_26_1"},{"doi-asserted-by":"crossref","unstructured":"Eike Kiltz Adam O'Neill and Adam Smith . Instantiability of RSA-OAEP under chosen-plaintext attack. In Tal Rabin editor Advances in Cryptology --CRYPTO 2010 volume 6223 of Lecture Notes in Computer Science pages 295 -- 313 Santa Barbara CA USA August 15--19 2010. Springer Heidelberg Germany. Eike Kiltz Adam O'Neill and Adam Smith. Instantiability of RSA-OAEP under chosen-plaintext attack. In Tal Rabin editor Advances in Cryptology --CRYPTO 2010 volume 6223 ofLecture Notes in Computer Science pages 295--313 Santa Barbara CA USA August 15--19 2010. Springer Heidelberg Germany.","key":"e_1_3_2_1_27_1","DOI":"10.1007\/978-3-642-14623-7_16"},{"doi-asserted-by":"crossref","unstructured":"Eike Kiltz Krzysztof Pietrzak and Mario Szegedy . Digital signatures with minimaloverhead from indifferentiable random invertible functions. In Ran Canetti and Juan A. Garay editors Advances in Cryptology -- CRYPTO 2013 Part I volume 8042 of Lecture Notes in Computer Science pages 571 -- 588 Santa Barbara CA USA August 18-22 2013. Springer Heidelberg Germany. Eike Kiltz Krzysztof Pietrzak and Mario Szegedy. Digital signatures with minimaloverhead from indifferentiable random invertible functions. In Ran Canetti and Juan A. Garay editors Advances in Cryptology -- CRYPTO 2013 Part I volume8042 of Lecture Notes in Computer Science pages 571--588 Santa Barbara CA USA August 18-22 2013. Springer Heidelberg Germany.","key":"e_1_3_2_1_28_1","DOI":"10.1007\/978-3-642-40041-4_31"},{"unstructured":"Information Technology Laboratory and National Institute of Standards and Technology. FIPS-202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015. https:\/\/nvlpubs.nist.gov\/nistpubs\/FIPS\/NIST.FIPS.202.pdf. Information Technology Laboratory and National Institute of Standards and Technology. FIPS-202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015. https:\/\/nvlpubs.nist.gov\/nistpubs\/FIPS\/NIST.FIPS.202.pdf.","key":"e_1_3_2_1_29_1"},{"doi-asserted-by":"crossref","unstructured":"Mark Lewko Adam O'Neill and Adam Smith . Regularity of lossy RSA on subdomains and its applications. In Thomas Johansson and Phong Q. Nguyen editors Advances in Cryptology -- EUROCRYPT 2013 volume 7881 of Lecture Notesin Computer Science pages 55 -- 75 Athens Greece May 26-30 2013. Springer Heidelberg Germany. Mark Lewko Adam O'Neill and Adam Smith. Regularity of lossy RSA on subdomains and its applications. In Thomas Johansson and Phong Q. Nguyen editors Advances in Cryptology -- EUROCRYPT 2013 volume 7881 of Lecture Notesin Computer Science pages 55--75 Athens Greece May 26-30 2013. Springer Heidelberg Germany.","key":"e_1_3_2_1_30_1","DOI":"10.1007\/978-3-642-38348-9_4"},{"unstructured":"Kathleen M. Moriarty (Ed.) Burt Kaliski Jakob Jonsson and Andreas Rusch. PKCS #1: RSA Cryptography Specifications Version 2.2. RFC 8017 (Informational) November 2016. Kathleen M. Moriarty (Ed.) Burt Kaliski Jakob Jonsson and Andreas Rusch. PKCS #1: RSA Cryptography Specifications Version 2.2. RFC 8017 (Informational) November 2016.","key":"e_1_3_2_1_31_1"},{"volume-title":"BC","year":"2008","author":"Peikert Chris","key":"e_1_3_2_1_32_1"},{"doi-asserted-by":"crossref","unstructured":"Yannick Seurin . On the lossiness of the Rabin trapdoor function. In Hugo Krawczyk editor PKC 2014: 17th International Conference on Theory and Practice of Public Key Cryptography volume 8383 of Lecture Notes in Computer Science pages 380 -- 398 Buenos Aires Argentina March 26-28 2014 . Springer Heidelberg Germany. Yannick Seurin. On the lossiness of the Rabin trapdoor function. In Hugo Krawczyk editor PKC 2014: 17th International Conference on Theory and Practice of Public Key Cryptography volume 8383 of Lecture Notes in Computer Science pages 380--398 Buenos Aires Argentina March 26-28 2014. Springer Heidelberg Germany.","key":"e_1_3_2_1_33_1","DOI":"10.1007\/978-3-642-54631-0_22"},{"doi-asserted-by":"crossref","unstructured":"Adam Smith and Ye Zhang . On the regularity of lossy RSA - improved bounds and applications to padding-based encryption. In Yevgeniy Dodis and Jesper Buus Nielsen editors TCC 2015: 12th Theory of Cryptography Conference Part I volume 9014 of Lecture Notes in Computer Science pages 609 -- 628 Warsaw Poland March 23-25 2015 . Springer Heidelberg Germany. Adam Smith and Ye Zhang. On the regularity of lossy RSA - improved bounds and applications to padding-based encryption. In Yevgeniy Dodis and Jesper Buus Nielsen editors TCC 2015: 12th Theory of Cryptography Conference Part I volume 9014 of Lecture Notes in Computer Science pages 609--628 Warsaw Poland March 23-25 2015. Springer Heidelberg Germany.","key":"e_1_3_2_1_34_1","DOI":"10.1007\/978-3-662-46494-6_25"}],"event":{"sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"acronym":"CCS '19","name":"CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security","location":"London United Kingdom"},"container-title":["Proceedings of the 5th ACM Workshop on Security Standardisation Research Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3338500.3360333","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3338500.3360333","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:12:49Z","timestamp":1750201969000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3338500.3360333"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,11,11]]},"references-count":32,"alternative-id":["10.1145\/3338500.3360333","10.1145\/3338500"],"URL":"https:\/\/doi.org\/10.1145\/3338500.3360333","relation":{},"subject":[],"published":{"date-parts":[[2019,11,11]]},"assertion":[{"value":"2019-11-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}