Low Exponent Attack against Elliptic Curve RSA
نویسندگان
چکیده
Hastad showed that low exponent RSA is not secure if the same message is en-crypted to several receivers. This is true even if time-stamp is used for each receiver. For example, let e = 3. Then if the number of receivers = 7, the eavesdropper can nd the plaintext from the seven ciphertexts of each receiver. This paper shows that elliptic curve RSA is not secure in the same scinario. It is shown that the KMOV scheme and Demytko's scheme are not secure if e = 5; n 2 1024 and the number of receivers = 428. In Demytko's scheme, e can take the value of 2. In this case, this system is not secure if the number of receiver = 11 for n 2 175 .
منابع مشابه
On the Vulnerability of Exponent Recodings for the Exponentiation against Side Channel Attacks
In this paper we propose a new side channel attack, where exponent recodings for public key cryptosystems such as RSA and ECDSA are considered. The known side channel attacks and countermeasures for public key cryptosystems were against the main stage (square and multiply stage) of the modular exponentiation (or the point multiplication on an elliptic curve). We have many algorithms which achie...
متن کاملA New Attack with Side Channel Leakage During Exponent Recoding Computations
In this paper we propose a new side channel attack, where exponent recodings for public key cryptosystems such as RSA and ECDSA are considered. The known side channel attacks and countermeasures for public key cryptosystems were against the main stage (square and multiply stage) of the modular exponentiation (or the point multiplication on an elliptic curve). We have many algorithms which achie...
متن کاملSecure Elliptic Curve Exponentiation against RPA, ZRA, DPA, and SPA
SUMMARY In the execution on a smart card, side channel attacks such as the simple power analysis (SPA) and the differential power analysis (DPA) have become serious threat. Side channel attacks monitor the side channel information such as power consumption and even exploit the leakage information related to power consumption to reveal bits of a secret key d although d is hidden inside a smart c...
متن کاملA new and optimal chosen-message attack on RSA-type cryptosystems
Chosen-message attack on RSA is usually considered as an inherent property of its homomorphic structure. In this paper, we show that nonhomomorphic RSA-type cryptosystems are also susceptible to a chosen-message attack. In particular, we prove that only one message is needed to mount a successful chosen-message attack against the Lucas-based systems and Demytko’s elliptic curve system.
متن کاملVariants of Bleichenbacher's Low-Exponent Attack on PKCS#1 RSA Signatures
We give three variants and improvements of Bleichenbacher’s low-exponent attack from CRYPTO 2006 on PKCS#1 v1.5 RSA signatures. For each of these three variants the fake signature representatives are accepted as valid by a flawed implementation. Our attacks work against much shorter keys as Bleichenbacher’s original attack, i.e. even for usual 1024 bit RSA keys. The first two variants can be us...
متن کامل