URL: https://link.springer.com/chapter/10.1007/BFb0055716

Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1

  • Conference paper

Abstract

This paper introduces a new adaptive chosen ciphertext attack against certain protocols based on RSA. We show that an RSA private-key operation can be performed if the attacker has access to an oracle that, for any chosen ciphertext, returns only one bit telling whether the ciphertext corresponds to some unknown block of data encrypted using PKCS #1. An example of a protocol susceptible to our attack is SSL V.3.0.
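The attack the abstract describes, as an added worked example that is not part of the paper or of this page: a self-contained Python simulation in which the attacker holds one PKCS #1 v1.5 ciphertext and a single-bit oracle ("does this ciphertext decrypt to a block whose first two bytes are 00 02?"), and recovers the plaintext from that bit alone. Everything around the attack (a toy RSA key of an assumed 256 bits derived from a fixed seed, the PKCS #1 v1.5 block-type-2 padder, a simulated server that decrypts with CRT) is scaffolding written for this illustration; the interval-narrowing steps follow the paper's algorithm, with the blinding step skipped because the target ciphertext is already conforming.

```python
"""Bleichenbacher's adaptive chosen-ciphertext attack on PKCS #1 v1.5, simulated.
Added example, not the paper's code. The toy key (assumed 256 bits, far too small
for real use) comes from a fixed seed; the attacker sees only one bit per query."""
import random

def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin test for an odd n > 3; sufficient for a toy key."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_key(bits, rng):
    """Deterministic toy RSA key with e = 65537; returns (p, q, e, d)."""
    def prime():
        while True:
            cand = rng.getrandbits(bits // 2) | 1 << (bits // 2 - 1) | 1
            if is_probable_prime(cand, rng):
                return cand
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % 65537:
            return p, q, 65537, pow(65537, -1, phi)

def pkcs1_v15_pad(msg, k, rng):
    """EM = 00 || 02 || PS (>= 8 nonzero random bytes) || 00 || M, k bytes in total."""
    assert len(msg) <= k - 11, "message too long for this modulus"
    ps = bytes(rng.randrange(1, 256) for _ in range(k - 3 - len(msg)))
    return b"\x00\x02" + ps + b"\x00" + msg

class PaddingOracle:
    """The victim: decrypts (with CRT, as servers do) and answers only 'do the first
    two bytes read 00 02?'. A stricter check (PS, separator) only raises the query count."""
    def __init__(self, p, q, d, k):
        self.p, self.q, self.k, self.queries = p, q, k, 0
        self.dp, self.dq, self.qinv = d % (p - 1), d % (q - 1), pow(q, -1, p)
    def __call__(self, c):
        self.queries += 1
        mp, mq = pow(c, self.dp, self.p), pow(c, self.dq, self.q)
        m = mq + self.q * ((mp - mq) * self.qinv % self.p)
        return m.to_bytes(self.k, "big")[:2] == b"\x00\x02"

ceil_div = lambda a, b: -(-a // b)   # integer ceiling of a / b for b > 0

def bleichenbacher(c, e, n, k, oracle):
    """Recover m = c^d mod n from the oracle alone; 'conforming' = 2B <= m*s mod n < 3B."""
    B = 1 << (8 * (k - 2))
    conforming = lambda s: oracle(c * pow(s, e, n) % n)
    M = [(2 * B, 3 * B - 1)]      # step 1 (blinding) skipped: c conforms, so s0 = 1
    s = ceil_div(n, 3 * B)        # step 2a: smallest s >= n/(3B) that conforms
    while not conforming(s):
        s += 1
    while True:
        new_M = []                # step 3: keep the m with 2B <= m*s - r*n <= 3B - 1
        for a, b in M:
            for r in range(ceil_div(a * s - 3 * B + 1, n), (b * s - 2 * B) // n + 1):
                lo, hi = max(a, ceil_div(2 * B + r * n, s)), min(b, (3 * B - 1 + r * n) // s)
                if lo <= hi:
                    new_M.append((lo, hi))
        M = new_M                 # sub-intervals never overlap, so no merging is needed
        if len(M) == 1 and M[0][0] == M[0][1]:
            return M[0][0]        # step 4: one value left, and s0 = 1
        if len(M) > 1:            # step 2b: several intervals, scan s linearly
            s += 1
            while not conforming(s):
                s += 1
        else:                     # step 2c: one interval, pick r so it roughly halves
            a, b = M[0]
            r = ceil_div(2 * (b * s - 2 * B), n)
            while True:           # search s only in the window that this r admits
                hit = next((t for t in range(ceil_div(2 * B + r * n, b),
                                             (3 * B - 1 + r * n) // a + 1) if conforming(t)), None)
                if hit is not None:
                    s = hit
                    break
                r += 1

def demo(message=b"attack at dawn", bits=256, seed=2024):
    """Encrypt `message`, recover it through the oracle; returns (plaintext, queries)."""
    rng = random.Random(seed)
    p, q, e, d = gen_key(bits, rng)
    n = p * q
    k = (n.bit_length() + 7) // 8
    c = pow(int.from_bytes(pkcs1_v15_pad(message, k, rng), "big"), e, n)
    oracle = PaddingOracle(p, q, d, k)
    em = bleichenbacher(c, e, n, k, oracle).to_bytes(k, "big")
    return em[em.index(b"\x00", 2) + 1:], oracle.queries   # strip 00 02 || PS || 00
```

`demo()` returns the recovered plaintext together with the number of oracle queries it took; most of them are spent in step 2a, finding the first multiplier, after which each further query roughly halves the remaining interval. In a deployed protocol the oracle is whatever lets the attacker distinguish a conforming from a non-conforming decryption (the abstract names SSL V.3.0 as one susceptible protocol); the attack needs nothing else from the server.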


References

  1. W. Alexi, B. Chor, O. Goldreich, and C. P. Schnorr. RSA and Rabin functions: certain parts are as hard as the whole. SIAM Journal on Computing, 17(2):194–209, Apr. 1988.

  2. M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among notions of security for public-key encryption schemes. In H. Krawczyk, editor, Advances in Cryptology — CRYPTO '98, Lecture Notes in Computer Science. Springer Verlag, (in press).

  3. M. Bellare and P. Rogaway. Optimal asymmetric encryption. In A. D. Santis, editor, Advances in Cryptology — EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 92–111, Berlin, 1995. Springer Verlag.

  4. R. Cramer and V. Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In H. Krawczyk, editor, Advances in Cryptology — CRYPTO '98, Lecture Notes in Computer Science. Springer Verlag, (in press).

  5. G. I. Davida. Chosen signature cryptanalysis of the RSA (MIT) public key cryptosystem. Technical Report TR-CS-82-2, Department of Electrical Engineering and Computer Science, University of Wisconsin, Milwaukee, 1982.

  6. H. Finney. personal communication.

  7. A. O. Freier, P. Karlton, and P. C. Kocher. The SSL Protocol, Version 3.0. Netscape, Mountain View, CA, 1996.

  8. S. Goldwasser, S. Micali, and P. Tong. Why and how to establish a private code on a public network. In Proc. 23rd IEEE Symp. on Foundations of Comp. Science, pages 134–144, Chicago, 1982.

  9. J. Håstad and M. Näslund. The security of individual RSA bits. Manuscript, 1998.

  10. P. C. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In N. Koblitz, editor, Advances in Cryptology — CRYPTO '96, volume 1109 of Lecture Notes in Computer Science, pages 104–113, Berlin, 1996. Springer Verlag.

  11. RSA Data Security, Inc. PKCS #1: RSA Encryption Standard. Redwood City, CA, Nov. 1993. Version 1.5.

  12. E. A. Young. SSLeay 0.8.1. http://www.cryptsoft.com/

Author information

Daniel Bleichenbacher, Bell Laboratories, 700 Mountain Ave., Murray Hill, NJ 07974

Editor information

Hugo Krawczyk

About this paper

Cite this paper

Bleichenbacher, D. (1998). Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (eds) Advances in Cryptology — CRYPTO '98. CRYPTO 1998. Lecture Notes in Computer Science, vol 1462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055716

  • DOI: https://doi.org/10.1007/BFb0055716

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-64892-5

  • Online ISBN: 978-3-540-68462-6

  • eBook Packages: Springer Book Archive
