Abstract:
This paper introduces a new adaptive chosen ciphertext attack against certain protocols based on RSA. We show that an RSA private-key operation can be performed if the attacker has access to an oracle that, for any chosen ciphertext, returns only one bit telling whether the ciphertext corresponds to some unknown block of data encrypted using PKCS #1. An example of a protocol susceptible to our attack is SSL V.3.0.
Citations (number of citing papers, title, authors, year):

342: Relations Among Notions of Security for Public-Key Encryption Schemes; Crypto '98, LNCS 1462. Bellare, Desai, et al., Rogaway, 1998
332: A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack; Crypto '98, LNCS 1462. Cramer, Victor Shoup, 1998
166: Optimal asymmetric encryption. Bellare, Rogaway, 1995
26: Chosen signature cryptanalysis of the RSA (MIT) public-key cryptosystem, TR-CS-82-2, Department of Electrical Engineering and Computer Science. Davida, 1982
26: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. Kocher
21: Why and How to Establish a Private Code on a Public Network. Goldwasser, Micali, et al., 1982
1: Bit security of RSA and Rabin functions. Alexi, Chor, et al., 1988
1: The security of individual RSA bits, manuscript. Hastad, Naslund, 1998
1: SSLeay 0.8.1, http://www.cryptsoft.com/. Young
1: Bit security of RSA and Rabin functions, SIAM Journal of Computing. Alexi, Chor, et al., 1988