Re: Reverse usage of public/private RSA encryption keys for licensing?

From: Valery Pryamikov (Valery_at_nospam.harper.no)
Date: 11/23/04 

Date: Tue, 23 Nov 2004 18:59:53 +0100

In other words, assuming special hash properties, there is a theorem that
proves that forging of RSA signature is at least as difficult as RSA problem
it-self. And without hash, no such proof exists - ie. without hash it may be
simpler to forger than to solve RSA problem.

-Valery.
http://www.harper.no/valery

"Valery Pryamikov" <Valery@nospam.harper.no> wrote in message
news:eIRHvEY0EHA.2012@TK2MSFTNGP15.phx.gbl...
> It's just that there is a theorem that proves that if we use random oracle
> as hash (highest level of collision resistance), than existence of an
> algorithm to forge signature (RSA private key encryption of random oracle
> hash) gives ability to solve RSA problem with sufficient amount of signing
> requests (non-tight reduction means that amount of signing requests could
> be quite high). Hash is essential part of this theorem - ie. no hash - no
> security prove. SHA1 doesn't provide the same level of collision
> resistance, but having really good collision resistances properties (none
> has managed to find SHA1 collision so far) it presents good practical
> substitution to the random oracle. Using private exponent for encrypting
> arbitrary data doesn't have any security prove.
>
> -Valery.
> http://www.harper.no/valery
>
> "William Stacey [MVP]" <staceywREMOVE@mvps.org> wrote in message
> news:OQhm1KX0EHA.1296@TK2MSFTNGP10.phx.gbl...
>>> Use RSA singing. RSA signature with strong hash (ie. SHA1) provides much
>>> better security than encryption of data with RSA private key (ie. what
>>> you
>>> asked about).
>>
>> Hi Valery. That seems to suggest that RSA signature entails more then
>> just
>> encrypting the hash bytes? Is there more going on? TIA
>>
>> --
>> William Stacey, MVP
>> http://mvp.support.microsoft.com
>>
>>
>
>