Side-Channel Attacks on Textbook RSA and ElGamal Encryption
نویسنده
چکیده
This paper describes very efficient attacks on plain RSA encryption as usually described in textbooks. These attacks exploit side channels caused by implementations that, during decryption, incorrectly make certain assumption on the size of message. We highlight different assumptions that are easily made when implementing plain RSA decryption and present corresponding attacks. These attacks make clear that plain RSA is a padding scheme that has to be checked carefully during decryption instead of simply assuming a length of the transported message. Furthermore we note that the attacks presented here do also work against a similar setting of ElGamal encryption with only minimal changes.
منابع مشابه
Why Textbook ElGamal and RSA Encryption Are Insecure
We present an attack on plain ElGamal and plain RSA encryption. The attack shows that without proper preprocessing of the plaintexts, both ElGamal and RSA encryption are fundamentally insecure. Namely, when one uses these systems to encrypt a (short) secret key of a symmetric cipher it is often possible to recover the secret key from the ciphertext. Our results demonstrate that preprocessing me...
متن کاملComparison of two Public Key Cryptosystems
Since the time public-key cryptography was introduced by Diffie andHellman in 1976, numerous public-key algorithms have been proposed. Some of thesealgorithms are insecure and the others that seem secure, many are impractical, eitherthey have too large keys or the cipher text they produce is much longer than theplaintext. This paper focuses on efficient implementation and analysis of two mostpo...
متن کاملElimination of Side Channel attacks on a Precision Timed Architecture
Side-channel attacks exploit information-leaky implementations of cryptographic algorithms to find the encryption key. These information leaks are caused by the underlying execution platform which contain hardware elements designed to optimize performance at the expense of predictable execution time. This shows that for security systems, not only does the software need to be secure, but the exe...
متن کاملSecuring RSA algorithm against timing attack
Security plays an important role in many embedded systems. All security based algorithms are implemented in hardware or software, and on physical devices which interact with the systems and influenced by their environments. The attacker extracts, investigate and monitor these physical interactions and extracts side channel information which is used in cryptanalysis. This type of cryptanalysis i...
متن کاملFurther Results and Considerations on Side Channel Attacks on RSA
This paper contains three parts. In the first part we present a new side channel attack on plaintext encrypted by EME-OAEP PKCS#1 v.2.1. In contrast with Manger ́s attack, we attack that part of the plaintext, which is shielded by the OAEP method. In the second part we show that Bleichenbacher’s and Manger’s attack on the RSA encryption scheme PKCS#1 v.1.5 and EME-OAEP PKCS#1 v.2.1 can be conver...
متن کامل