Presentation is loading. Please wait.

Presentation is loading. Please wait.

RSA Laboratories’ PKCS Series - a Tutorial

Published byChrystal Jordan Modified over 6 years ago

Similar presentations

Presentation on theme: "RSA Laboratories’ PKCS Series - a Tutorial"— Presentation transcript:

1 RSA Laboratories’ PKCS Series - a Tutorial
Magnus Nyström, October, 1999

2 RSA Cryptography Standard
Specifies RSA encryption, decryption, signature and verification primitives Specifies RSA encryption and signature schemes Specifies encoding methods for these schemes Specifies ASN.1 syntax for public RSA keys private RSA keys above mentioned schemes (object identifiers for defined schemes and associated parameters)

3 Definitions, I Primitives
Basic mathematical operations on which cryptographic schemes can be built. Intended for implementation in hardware or as software modules Not intended to provide security apart from a scheme Defined in PKCS #1: Encryption/Decryption Signature/Verification

4 Definitions, II Schemes
Combines cryptographic primitives and other techniques to achieve a particular security goal. Two types of scheme are specified in this document: encryption schemes signature schemes with appendix

5 Definitions, III Encoding Methods
Operations that map between octet string messages and integer message representatives. Two types defined in PKCS #1: encoding methods for encryption encoding methods for signatures with appendix

6 Primitives RSA Encryption (RSAEP) RSA Decryption (RSADP)
“Ordinary” RSA en/decryption RSA Signature (RSASP1) RSA Verification (RSAVP1) “Ordinary” RSA signatures and verification

7 Encryption Schemes RSAES-OAEP RSAES-PKCS1-v1_5
Optimal asymmetric encryption (Bellare-Rogaway, ‘94) plaintext-aware encryption (stops chosen ciphertext attacks) RSAES-PKCS1-v1_5 Classical PKCS #1 encryption/decryption possible to generate valid ciphertexts without knowing the corresponding plaintexts, with a reasonable probability of success (Bleichenbacher, ‘98)

8 Signature Schemes Currently only “Signature schemes with an appendix” in PKCS #1 RSASSA-PKCS1-v1_5 “Classical” PKCS #1 signatures Support for the “Probabilistic Signature Scheme” (PSS) is being added (RSASSA-PSS) Provable security under certain assumptions Allows for a signature scheme with message recovery as well

9 Block Diagram of PSS Encoding Operation

10 Some Observations Message is hashed with random salt
improves security proof reduces reliance on hash function security Hash value is expanded to full length randomizes input to primitive removes multiplicative structure enables proof Salt value is xored into expanded hash shortens signature overhead part of message may also be xored

11 PSS Advantages Provable security under certain assumptions (random oracle model) other methods have “ad hoc” security, not a proof Reduced reliance on hash function security “birthday attack” collisions not useful due to random salt Natural extension to message recovery

12 Encoding methods Used to define how a message is transformed and encoded when being transformed by one of the schemes Encoding methods for en/decryption: EME-OAEP EME-PKCS1-v1_5 Encoding methods for signatures with appendix: EMSA-PKCS1-v1_5 (EMSA-PSS)

13 Standards Strategy Several RSA standards:
PKCS ANSI X9.31 ISO 9798 ANSI X9.31 is widely standardized PSS is widely considered secure PKCS #1 is widely deployed How harmonize?

14 Standards Strategy, II Short term (1-2 years): Support both PKCS #1 v1.5 and ANSI X9.31 signatures for interoperability e.g., in IETF profiles, FIPS validation NIST is in the process of adding PKCS #1 v1.5 to FIPS for an 18-month transition period Long term (2-5 years): Move toward PSS signatures upgrade in due course — e.g., with new hash functions

15 More information PKCS #1 v2.0 (and the v2.1 draft) is available from

Download ppt "RSA Laboratories’ PKCS Series - a Tutorial"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Cryptography and Network Security

Cryptography and Network Security
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
A Designer’s Guide to KEMs Alex Dent

A Designer’s Guide to KEMs Alex Dent
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
CS470, A.SelcukRSA1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukRSA1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 CIS 5371 Cryptography 9. Data Integrity Techniques.

1 CIS 5371 Cryptography 9. Data Integrity Techniques.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
8. Data Integrity Techniques

8. Data Integrity Techniques
Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013.

Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013.
CIS 5371 Cryptography Introduction.

CIS 5371 Cryptography Introduction.
Digital Signatures: Mathematics Zdeněk Říha. Data authentication Data integrity + data origin Digital signature Asymmetric cryptography public and private.

Digital Signatures: Mathematics Zdeněk Říha. Data authentication Data integrity + data origin Digital signature Asymmetric cryptography public and private.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.

Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
PKCS #1 v2.1: RSA Cryptography Standard

PKCS #1 v2.1: RSA Cryptography Standard
1 Lect. 13 : Public Key Encryption RSA ElGamal. 2 Shamir Rivest Adleman RSA Public Key Systems  RSA is the first public key cryptosystem  Proposed in.

1 Lect. 13 : Public Key Encryption RSA ElGamal. 2 Shamir Rivest Adleman RSA Public Key Systems  RSA is the first public key cryptosystem  Proposed in.
Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,

Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,

Similar presentations

Ads by Google