On the broadcast and validity-checking security of PKCS#1 v1.5 encryption

Authors:
Aurélie Bauer;Jean-Sébastien Coron;David Naccache;Mehdi Tibouchi;Damien Vergnaud
Affiliations:
École normale supérieure, C.N.R.S., I.N.R.I.A., Département d'informatique, Paris Cedex 05, France;Université du Luxembourg, Luxembourg, Luxembourg;École normale supérieure, C.N.R.S., I.N.R.I.A., Département d'informatique, Paris Cedex 05, France;École normale supérieure, C.N.R.S., I.N.R.I.A., Département d'informatique, Paris Cedex 05, Franceb and Université du Luxembourg, Luxembourg, Luxembourg;École normale supérieure, C.N.R.S., I.N.R.I.A., Département d'informatique, Paris Cedex 05, France
Venue:
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Year:
2010

Citing 13
Cited 0

A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Solving simultaneous modular equations of low degree

SIAM Journal on Computing - Special issue on cryptography
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Extended Notions of Security for Multicast Public Key Cryptosystems

ICALP '00 Proceedings of the 27th International Colloquium on Automata, Languages and Programming
Universal Padding Schemes for RSA

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Finding Small Roots of Univariate Modular Equations Revisited

Proceedings of the 6th IMA International Conference on Cryptography and Coding
RSA-OAEP Is Secure under the RSA Assumption

Journal of Cryptology
Finding a small root of a univariate modular equation

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Public-key encryption in a multi-user setting: security proofs and improvements

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
New attacks on PKCS#1 v1.5 encryption

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper describes new attacks on pkcs#1 v1.5, a deprecated but still widely used rsa encryption standard. The first cryptanalysis is a broadcast attack, allowing the opponent to reveal an identical plaintext sent to different recipients. This is nontrivial because different randomizers are used for different encryptions (in other words, plaintexts coincide only partially). The second attack predicts, using a single query to a validity checking oracle, which of two chosen plaintexts corresponds to a challenge ciphertext. The attack's success odds are very high. The two new attacks rely on different mathematical tools and underline the need to accelerate the phase out of pkcs#1 v1.5.