This paper introduces two new attacks on PKCS#1 v1.5, an RSA-based encryption standard proposed by RSA Laboratories. As opposed to Bleichenbacher’s attack, our attacks are chosen-plaintext only, i.e. they do not make use of a decryption oracle. The first attack applies to small public exponents and shows that a plaintext ending by sufficiently many zeroes can be recovered efficiently when two or more ciphertexts corresponding to the same plaintext are available. We believe the technique we employ to be of independent interest, as it extends Coppersmith’s low-exponent attack to certain length parameters. Our second attack is applicable to arbitrary public exponents, provided that most message bits are zeroes. It seems to constitute the first chosen-plaintext attack on an RSA-based encryption standard that yields to practical results for any public exponent.
CITATION STYLE
Coron, J. S., Joye, M., Naccache, D., & Paillier, P. (2000). New Attacks on PKCS#1 v1.5 Encryption. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1807, pp. 369–381). Springer Verlag. https://doi.org/10.1007/3-540-45539-6_25