International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Formal Proof for the Correctness of RSA-PSS

Christina Lindenberg
Kai Wirt
Johannes Buchmann
Search ePrint
Search Google
Abstract: Formal verification is getting more and more important in computer science. However the state of the art formal verification methods in cryptography are very rudimentary. This paper is one step to provide a tool box allowing the use of formal methods in every aspect of cryptography. In this paper we give a formal specification of the RSA probabilistic signature scheme (RSA-PSS) [4] which is used as algorithm for digital signatures in the PKCS #1 v2.1 standard [7]. Additionally we show the correctness of RSA-PSS. This includes the correctness of RSA, the formal treatment of SHA-1 and the correctness of the PSS encoding method. Moreover we present a proof of concept for the feasibility of verification techniques to a standard signature algorithm.
  title={Formal Proof for the Correctness of RSA-PSS},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / specification, verification, digital signature},
  note={ 13158 received 10 Jan 2006},
  author={Christina Lindenberg and Kai Wirt and Johannes Buchmann},