The smaller the public exponent in the RSA public key encryption or RSA digital signature schemes, the more efficient the encryption process is. Michael O. Rabin thus suggested using \(e = 2\) in an encryption scheme [12]. But things are not as simple as for RSA.
Modular Squaring
Thanks to Euler's theorem, one can easily extract modular eth roots as long as e is co-prime to \(\varphi(n)\) (see Euler's Totient function) and the latter value is known: \(d = e^{-1} \bmod \varphi(n)\) gives the decryption exponent. Unfortunately, \(e = 2\) is not co-prime to \(\varphi(n)\); moreover, squaring is not a bijection in the group \(\mathbb{Z}_n^\ast\), for \(n = p q\) (see also modular arithmetic), and not even in \(\mathbb{Z}_p^\ast\) for a prime number p: if x is a square root of y in \(\mathbb{Z}_p^\ast\), then \(-x\) is also a square root of y. More formally, the function \(f : x \mapsto x^2 \bmod p\) from \(\mathbb{Z}_p^\ast\) into \(\mathbb{Z}_p^\ast\) is a morphism whose kernel is \(\{-1,+1\}\). As a...
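The following is an added worked example, not code from the encyclopedia entry, illustrating the point above: squaring in \(\mathbb{Z}_p^\ast\) is a 2-to-1 map with kernel \(\{-1,+1\}\), and modulo \(n = pq\) a square therefore has four roots, one per choice of sign modulo each prime. It assumes (a choice not stated on the page) that both primes satisfy \(p \equiv q \equiv 3 \pmod 4\), so that a square root modulo p can be taken as \(y^{(p+1)/4} \bmod p\); the small primes and the message are constructed sample values.

```python
# Added example (not from the encyclopedia entry): squaring modulo a prime p
# and modulo n = p*q. Shows that x -> x^2 mod p is 2-to-1 (kernel {-1,+1})
# and that a square modulo n = p*q has four square roots.
# Assumption not stated on the page: p = q = 3 (mod 4), so that a root of y
# modulo p is y^((p+1)/4) mod p (a standard shortcut for such primes).

def square_roots_mod_prime(y, p):
    """Return the set of square roots of y in Z_p^* (p prime, p = 3 mod 4)."""
    assert p % 4 == 3, "shortcut requires p = 3 (mod 4)"
    y %= p
    if y == 0:
        return {0}
    r = pow(y, (p + 1) // 4, p)
    if (r * r) % p != y:
        return set()          # y is a quadratic non-residue: no root exists
    return {r, (-r) % p}      # x and -x: the kernel of squaring is {-1, +1}

def square_roots_mod_pq(y, p, q):
    """Combine roots mod p and mod q with the CRT: up to four roots mod n = p*q."""
    n = p * q
    inv_p = pow(p, -1, q)     # p^{-1} mod q (Python 3.8+)
    inv_q = pow(q, -1, p)     # q^{-1} mod p
    roots = set()
    for a in square_roots_mod_prime(y, p):
        for b in square_roots_mod_prime(y, q):
            # CRT: x = a (mod p) and x = b (mod q)
            x = (a * q * inv_q + b * p * inv_p) % n
            roots.add(x)
    return roots

def image_size_of_squaring(p):
    """Number of distinct values of x^2 mod p for x in Z_p^*: (p-1)/2, i.e. 2-to-1."""
    return len({(x * x) % p for x in range(1, p)})

if __name__ == "__main__":
    p, q = 11, 19             # constructed small primes, both = 3 (mod 4)
    n = p * q
    m = 42                    # constructed sample message
    c = (m * m) % n           # Rabin "encryption" is squaring modulo n
    print(sorted(square_roots_mod_pq(c, p, q)))  # four candidates; one is m
    print(image_size_of_squaring(p))            # 5 = (11-1)/2 squares in Z_11^*
```

Because four roots come back, the receiver cannot tell which one was the original message from the ciphertext alone; that ambiguity is the practical cost of \(e = 2\) that the entry goes on to address.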
References
Bellare, M. and P. Rogaway (1993). “Random oracles are practical: A paradigm for designing efficient protocols.” Proceedings of the 1st CCS. ACM Press, New York, 62–73.
Bellare, M. and P. Rogaway (1995). “Optimal asymmetric encryption—how to encrypt with RSA.” Advances in Cryptology—EUROCRYPT'94, Lecture Notes in Computer Science, vol. 950, ed. A. De Santis. Springer-Verlag, Berlin, 92–111.
Bleichenbacher, D. (1998). “A chosen ciphertext attack against protocols based on the RSA encryption standard PKCS #1.” Advances in Cryptology—CRYPTO'98, Lecture Notes in Computer Science, vol. 1462, ed. H. Krawczyk. Springer-Verlag, Berlin, 1–12.
Blum, M. and S. Micali (1984). “How to generate cryptographically strong sequences of pseudorandom bits.” SIAM Journal on Computing, 13, 850–864.
Boneh, D. (2001). “Simplified OAEP for the RSA and Rabin functions.” Advances in Cryptology—CRYPTO 2001, Lecture Notes in Computer Science, vol. 2139, ed. J. Kilian. Springer-Verlag, Berlin, 275–291.
Boneh, D. and G. Durfee (2000). “Cryptanalysis of RSA with private key d less than \(N^{0.292}\).” IEEE Transactions on Information Theory, 46 (4), 1339–1349.
Fiat, A. and A. Shamir (1987). “How to prove yourself: Practical solutions of identification and signature problems.” Advances in Cryptology—CRYPTO'86, Lecture Notes in Computer Science, vol. 263, ed. A.M. Odlyzko. Springer-Verlag, Berlin, 186–194.
Fujisaki, E., T. Okamoto, D. Pointcheval, and J. Stern (2001). “RSA–OAEP is secure under the RSA assumption.” Advances in Cryptology—CRYPTO 2001, Lecture Notes in Computer Science, vol. 2139, ed. J. Kilian. Springer-Verlag, Berlin, 260–274.
Håstad, J. (1988). “Solving simultaneous modular equations of low degree.” SIAM Journal on Computing, 17, 336–341.
Miller, G. (1976). “Riemann's hypothesis and tests for primality.” Journal of Computer and System Sciences, 13, 300–317.
Naor, M. and M. Yung (1989). “Universal one-way hash functions and their cryptographic applications.” Proceedings of the 21st STOC. ACM Press, New York, 33–43.
Rabin, M.O. (1978). “Digitalized signatures.” Foundations of Secure Computation, eds. R. Lipton and R. De Millo. Academic Press, New York, 155–166.
Rackoff, C. and D.R. Simon (1992). “Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack.” Advances in Cryptology—CRYPTO'91, Lecture Notes in Computer Science, vol. 576, ed. J. Feigenbaum. Springer-Verlag, Berlin, 433–444.
Rivest, R., A. Shamir, and L. Adleman (1978). “A method for obtaining digital signatures and public key cryptosystems.” Communications of the ACM, 21 (2), 120–126.
Shoup, V. (2001). “OAEP reconsidered.” Advances in Cryptology—CRYPTO 2001, Lecture Notes in Computer Science, vol. 2139, ed. J. Kilian. Springer-Verlag, Berlin, 239–259.
Wiener, M. (1990). “Cryptanalysis of short RSA secret exponents.” IEEE Transactions on Information Theory, 36 (3), 553–558.
© 2005 International Federation for Information Processing
Cite this entry
Pointcheval, D. (2005). Rabin Cryptosystem. In: van Tilborg, H.C.A. (ed.) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/0-387-23483-7_339
DOI: https://doi.org/10.1007/0-387-23483-7_339
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-23473-1
Online ISBN: 978-0-387-23483-0