Questions tagged [rsa-pss]

RSA-PSS (officially: RSASSA-PSS) is an RSA signature scheme that is provably reduced to the RSA problem.

In a Probabilistic Signature Scheme (pss), the signature depends on a random input, in addition to the private key and message.

RSASSA-PSS is one such scheme for RSA. That is, the only way to break RSASSA-PSS would be to solve the RSA problem itself, or the underlying hash. Whenever possible, RSASSA-PSS (or a de-randomized version, which remains compatible on the verifier side and is at least as secure) should be used in place of PKCS#1v1.5, which has no such proof.

39 questions

votes

2 answers

Why does PSS produce an EM message that's almost as long as the modulus?

I try to understand the reasons behind the design of PSS scheme for RSA. Why is the length of the EM message (that is, the result of PSS transformation just before signing) equals approximately to the size of the modulus? Why PSS does not use a last…

rsa-pss

asked Sep 13 '17 at 20:17

Dingo13

2,867
3
27
46