Abstract
On Crypto’ 88, Matsumoto, Kato, and Imai presented protocols to speed up secret computations with insecure auxiliary devices. The two most important protocols enable a smart card to compute the secret RSA operation faster with the help of a server that is not necessarily trusted by the card holder. It was stated that if RSA is secure, the protocols could only be broken by exhaustive search in certain spaces. Our main attacks show that much smaller search spaces suffice. These attacks are passive and therefore undetectable. It was already known that one of the protocols is vulnerable to active attacks. We show that this holds for the other protocol, too. More importantly, we show that our attack may still work if the smart card checks the correctness of the result; this was previously believed to be an easy measure excluding all active attacks. Finally, we discuss attacks on related protocols.
Cite
CITATION STYLE
Pfitzmann, B., & Waidner, M. (1993). Attacks on protocols for server-aided RSA computation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 658 LNCS, pp. 153–162). Springer Verlag. https://doi.org/10.1007/3-540-47555-9_13
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
