Signature operation of RSASSA-PKCS1-v1_5 requires private key. Superficial limitation, or are public parameters mathematically incapable of it?

fartwhif

11/18/23, 4:07 PM

In the case of RSASSA-PKCS1-v1_5, is it simply that the cryptographic libraries and APIs are designed to only sign if determined superficially that it has a private key, or is the public key mathematically incapable of signing? Or perhaps in asking this way there is some major wrong assumption I'm making about keypairs and how they can be used?

1 + 1

fgrieu

11/18/23, 4:46 PM

You'll have to define _"mathematically capable"_, which is different from _practically capable_. That $n=p\,q$ with $p$ and $q$ primes and $p<q$ mathematically defines $p$ and $q$ from $n$. Are we thus _"mathematically capable"_ of finding $p$ and $q$ from $n$? If yes, then we are _"mathematically capable"_ of signing with the public key. If no, well, that's complicated, but the short answer is no.

Score:3

Crypto

Morrolan

11/18/23, 4:30 PM

Signature schemes are designed so that being in possession of the private key is required to sign messages. The public key in isolation only allows to verify signatures.

Compare this to public-key encryption schemes, where the private key is what is required to decrypt, while the public key in isolation is only capable of encrypting a message.

For more details on how asymmetric signature schemes are formalized, take a look at the appropriate section of any standard textbook, e.g. Chapter 13.3 of The Joy of Cryptography.

Another thing to keep in the back of your mind when studying RSA-based signature schemes is that, while the signature operation bears some resemblance to the encryption operation of textbook RSA, care must be taken not to conflate the two. For one the signature operation utilizes the private key, while encryption utilizes the public one. Further there are significant differences in the type of padding used in real-world schemes. See e.g. this answer for more on that.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Signature operation of RSASSA-PKCS1-v1_5 requires private key. Superficial limitation, or are public parameters mathematically incapable of it?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.