Questions tagged [pss]

In a Probabilistic Signature Scheme, the signature depends on a random input, in addition to the private key and message.

Probabilistic signature scheme opposes to deterministic signature scheme.

RSASSA-PSS, ECDSA, and ISO/IEC 9796-2 scheme 2 are common probabilistic signature schemes.

RSASSA-PKCS1-v1_5, EdDSA, and ISO/IEC 9796-2 schemes 1 and 3 are common deterministic signature schemes.

3 questions

votes

1 answer

Is Bypassing Padding Verification in RSA-PSS Dangerous?

I am currently working on a project involving RSA-PSS (Probabilistic Signature Scheme) for digital signatures. While researching potential vulnerabilities, I came across the well-known Bleichenbacher attack, which primarily targets PKCS1 v1.5…

asked Jan 13 '24 at 20:50

user113612

votes

2 answers

Preferred SHA-2 hash algorithm for MGF1 in RSA

Does it make any difference to the security and efficiency if we use SHA-256 or SHA-512 for the Mask Generation Function MGF1 that generates the masking / padding within the OAEP encryption scheme and the PSS signature scheme? A lot of…

rsa padding sha-2 oaep pss

asked May 21 '19 at 16:09

Maarten Bodewes

96,351
14
169
323

vote

1 answer

Why does RSASSA-PSS produce different signature each time even if I use same salt and same message?

I understand that RSASSA-PSS is not deterministic. But I see that in message encoding, MGF and SHA functions are deterministic. So even if I keep default salt length, it produces different signature. Where is the randomness introduced?

rsa pss

asked Sep 05 '19 at 14:27

Maulik