On the regularity of lossy RSA: Improved bounds and applications to padding-based encryption

Adam Smith, Ye Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Scopus citations


We provide new bounds on how close to regular the map x ↦ xe is on arithmetic progressions in ℤN, assuming e|Φ(N) and N is composite. We use these bounds to analyze the security of natural cryptographic problems related to RSA, based on the well-studied Φ-Hiding assumption. For example, under this assumption, we show that RSA PKCS #1 v1.5 is secure against chosen-plaintext attacks for messages of length roughly bits, whereas the previous analysis, due to [19], applies only to messages of length less than. In addition to providing new bounds, we also show that a key lemma of [19] is incorrect. We prove a weaker version of the claim which is nonetheless sufficient for most, though not all, of their applications. Our technical results can be viewed as showing that exponentiation in ℤN is a deterministic extractor for every source that is uniform on an arithmetic progression. Previous work showed this type of statement only on average over a large class of sources, or for much longer progressions (that is, sources with much more entropy).

Original languageEnglish (US)
Title of host publicationTheory of Cryptography - 12th Theory of Cryptography Conference, TCC 2015, Proceedings
EditorsYevgeniy Dodis, Jesper Buus Nielsen
PublisherSpringer Verlag
Number of pages20
ISBN (Electronic)9783662464939
StatePublished - 2015
Event12th Theory of Cryptography Conference, TCC 2015 - Warsaw, Poland
Duration: Mar 23 2015Mar 25 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other12th Theory of Cryptography Conference, TCC 2015

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'On the regularity of lossy RSA: Improved bounds and applications to padding-based encryption'. Together they form a unique fingerprint.

Cite this