Cryptography Reference
In-Depth Information
Giraud [162], apply to this setting. However, see [226] for an indication that such
strategies may prove ineffective in more elaborate attack models.
Furthermore, it should be noted that ad hoc signature paddings have no proof of
security even against standard attacks. The ISO/IEC 9797-2 padding scheme, in par-
ticular, has a number of known vulnerabilities [107, 109]. It may be advisable to use
a probabilistic RSA signature scheme like PSS [31] instead, which is actually secure
in the random fault model considered here, as proved by Coron and Mandal [106].
