Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1
Author
Abstract
This paper introduces a new adaptive chosen ciphertext attack against certain protocols based on RSA. We show that an RSA private-key operation can be performed if the attacker has access to an oracle that, for any chosen ciphertext, returns only one bit telling whether the ciphertext corresponds to some unknown block of data encrypted using PKCS #1. An example of a protocol susceptible to our attack is SSL V.3.0.
Similar resources
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard
Abstract. This paper introduces a new adaptive chosen ciphertext attack against certain protocols based on RSA. We show that an RSA private-key operation can be performed if the attacker has access to an oracle that, for any chosen ciphertext, returns only one bit telling whether the ciphertext corresponds to some unknown block of data encrypted using PKCS #1. An example of a protocol s...
HD-RSA: Hybrid Dependent RSA a New Public-Key Encryption Scheme
This paper describes a new hybrid RSA-based public-key encryption scheme, the HD-RSA. It relies on the recently proposed Dependent-RSA problem, which can be proven as difficult as the original RSA problem, in some circumstances. The basic scheme, using the "one-time pad" symmetric encryption, provides a both very efficient scheme and secure relative to the sole Dependent-RSA problem. A more general...
A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0
An adaptive chosen ciphertext attack against PKCS #1 v2.0 RSA OAEP encryption is described. It recovers the plaintext – not the private key – from a given ciphertext in a little over log2 n queries of an oracle implementing the algorithm, where n is the RSA modulus. The high likelihood of implementations being susceptible to this attack is explained as well as the practicality of the attack. Im...
On the Broadcast and Validity-Checking Security of pkcs#1 v1.5 Encryption
This paper describes new attacks on pkcs#1 v1.5, a deprecated but still widely used rsa encryption standard. The first cryptanalysis is a broadcast attack, allowing the opponent to reveal an identical plaintext sent to different recipients. This is nontrivial because different randomizers are used for different encryptions (in other words, plaintexts coincide only partially). The second attack ...
Note for Technical Report #007 Version 2. The Material on OAEP in This Report Has Been Superceded by NTRU Technical Report #016, "Protecting NTRU against Chosen Ciphertext and Reaction Attacks," Available At
RSA and Bell Labs [2, 3] have recently announced a potential attack on certain public key protocols, along with several suggested countermeasures. The most secure of these countermeasures uses the concept of plaintext aware, which means that it should be infeasible to construct a valid ciphertext without knowing the corresponding plaintext. Failure to be plaintext aware may open a cryptosystem ...
Journal title:
Volume, issue
Pages -
Publication date 1998