We prove that RSA least significant bit is 1/2 + (1/log c N) secure, for any constant c (where N is the RSA modulus). This means that an adversary, given the ciphertext, cannot guess the least sigiiilicatnt bit of the plaintext with probability better than 1/2 + (1/log c N), unless he can break RSA.

Mark Helpful

Bookmark

Relay

Mark Helpful

Bookmark

Relay

Cite This Study

Alexi et al. (Sun,) studied this question.

synapsesocial.com/papers/6a0caeb85712c53037e8c2c0 https://doi.org/https://doi.org/10.1109/sfcs.1984.715947

Also Consider

Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context:

1Efficient And Secure Pseudo-Random Number Generation2005 · 86 citations
2RSA bits are .732 + ε secure1984 · 14 citations
3On the cryptographic security of single RSA bits1983 · 39 citations
4How to construct random functions1986 · 2,111 citations
5How to Generate Cryptographically Strong Sequences of Pseudorandom Bits1984 · 1,331 citations

Also Consider

Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context:

1Efficient And Secure Pseudo-Random Number Generation2005 · 86 citations
2RSA bits are .732 + ε secure1984 · 14 citations
3On the cryptographic security of single RSA bits1983 · 39 citations
4How to construct random functions1986 · 2,111 citations
5How to Generate Cryptographically Strong Sequences of Pseudorandom Bits1984 · 1,331 citations