Index Calculation Attacks on RSA Signature and Encryption
Authors
Abstract
At Crypto ’85, Desmedt and Odlyzko described a chosen-ciphertext attack against plain RSA encryption. The technique can also be applied to RSA signatures and enables an existential forgery under a chosen-message attack. The potential of this attack remained untapped until a twitch in the technique made it effective against two very popular RSA signature standards, namely ISO/IEC 9796-1 and ISO/IEC 9796-2. Following the attack, ISO/IEC 9796-1 was withdrawn and ISO/IEC 9796-2 amended. In this paper, we recall Desmedt and Odlyzko’s attack as well as its application to the cryptanalysis of ISO/IEC 9796-2.
Related resources
On the security of RSA textbook signature scheme on Paillier ciphertext
In this paper we consider Paillier encryption and the RSA textbook signature. We show that, due to their valuable homomorphic property, these algorithms can be used together to obtain a valid signature on a certain combination of ciphertexts. Our goal is to show that this combination of algorithms provides security against chosen plaintext and chosen ciphertext attacks.
Universal Padding Schemes for RSA
A common practice to encrypt with RSA is to first apply a padding scheme to the message and then to exponentiate the result with the public exponent; an example of this is OAEP. Similarly, the usual way of signing with RSA is to apply some padding scheme and then to exponentiate the result with the private exponent, as for example in PSS. Usually, the RSA modulus used for encrypting is differen...
Further Results and Considerations on Side Channel Attacks on RSA
This paper contains three parts. In the first part we present a new side channel attack on plaintext encrypted by EME-OAEP PKCS#1 v.2.1. In contrast with Manger's attack, we attack that part of the plaintext, which is shielded by the OAEP method. In the second part we show that Bleichenbacher’s and Manger’s attack on the RSA encryption scheme PKCS#1 v.1.5 and EME-OAEP PKCS#1 v.2.1 can be conver...
Padding attacks on RSA
This paper presents a non-technical overview of the recent attacks against RSA encryption and signature standards. It is intended as both a system design aid and a temporary reference text beginning at a level suitable for engineers, risk managers and system architects with no or little previous exposure to padding attacks. We have used a straightforward approach to the essential consequenc...
Improvement in RSA Cryptosystem
Boneh and Shacham gave a nice survey on four variants (Batch RSA, MultiPrime RSA, MultiPower RSA, Rebalanced RSA). Rebalanced RSA and MultiPower RSA were then combined to increase the decryption/signature generation performance. This combination theoretically improves the decryption/signature generation time by about 14 times compared with RSA with CRT and by about 56 times compared with the standard RSA with key size...
Journal title:
- Des. Codes Cryptography
Volume 38, Issue
Pages -
Publication date 2006