Weaknesses in Current RSA Signature Schemes
Authors
Abstract
This work presents several classes of messages that lead to data leakage during modular exponentiation. Such messages allow for the recovery of the entire secret exponent with a single power measurement. We show that padding schemes as defined by industry standards such as PKCS#1 and ANSI X9.31 are vulnerable to side-channel attacks since they meet the characteristics defined by our classes. Though PKCS#1 states that there are no known attacks against RSASSA-PKCS1-v1_5, the EMSA-PKCS1-v1_5 encoding in fact makes the scheme vulnerable to side-channel analysis. These attacks were validated against a real-world smartcard system, the Infineon SLE78, which ran our proof of concept implementation. Additionally, we introduce methods for the elegant recovery of the full RSA private key from blinded RSA CRT exponents.
Similar resources
Double voter perceptible blind signature based electronic voting protocol
Mu et al. have proposed an electronic voting protocol and claimed that it protects anonymity of voters, detects double voting and authenticates eligible voters. It has been shown that it does not protect voter's privacy and prevent double voting. After that, several schemes have been presented to fulfill these properties. However, many of them suffer from the same weaknesses. In this p...
Comments on a Threshold Proxy Signature Scheme Based on the RSA Cryptosystem
In a (t, n) proxy signature scheme, the original signer can delegate his/her signing capability to n proxy signers such that any t or more proxy signers can sign messages on behalf of the former, but t − 1 or less of them cannot do the same thing. Such schemes have been suggested for use in a number of applications, particularly in distributed computing where delegation of rights is quite commo...
Secure network bootstrapping: An algorithm for authentic key exchange and digital signatures
Section 2 introduces some elementary mathematical concepts that will be used throughout the paper. Section 3 specifies the necessary assumptions and initializations for the method proposed here. Section 4 describes the key exchange protocol. Section 5 presents a variation of the key exchange algorithm, which yields the signature scheme. In Section 6, a number of attacks to the key exchange and ...
A Cryptographic Study of Some Digital Signature Schemes
RSA Cryptosystem; ElGamal Cryptosystem; Massey Omura Cryptosystem; Knapsack Cryptosystem; Construction of Knapsack Cryptosystem; Quadratic Residue Cryptosystem; Hybrid Cryptosystem: Diffie Hellman’s key Exchange; Digital Signatures; A Classification of Digital Signature Schemes; Digital Signature Schemes with Appendix; Digital Signature Schemes with Message Recovery; RSA Signature Scheme; Feige–Fiat–Sha...
A New Idea in Digital Signature Schemes
Since the first idea of digital signatures based on public key algorithms was invented, many properties have been added and numerous novel schemes have been developed. Besides this growth, a novel idea in identification schemes based on public key algorithms has also been presented, namely zero-knowledge proof of identity. However, along with this development many remarkable schemes for instance the Fiat-Sh...