Conference Topic

On the Broadcast and Validity-Checking Security of PKCS#1 v1.5 Encryption

This paper describes new attacks on PKCS#1 v1.5, a deprecated but still widely used RSA encryption standard. The first cryptanalysis is a broadcast attack, allowing the opponent to reveal an identical plaintext sent to different recipients. This is nontrivial because different randomizers are used for different encryptions (in other words, plaintexts coincide only partially). The second attack predicts, using a single query to a validity checking oracle, which of two chosen plaintexts corresponds to a challenge ciphertext. The attack's success odds are very high. The two new attacks rely on different mathematical tools and underline the need to accelerate the phase-out of PKCS#1 v1.5.

PKCS#1 v1.5; Encryption; Broadcast Encryption; Cryptanalysis

Aurélie Bauer, Jean-Sébastien Coron, David Naccache, Mehdi Tibouchi, Damien Vergnaud

École normale supérieure - C.N.R.S. - I.N.R.I.A., Département d'informatique, Groupe de cryptographi; Université du Luxembourg, 6, rue Richard Coudenhove-Kalergi, L-1359 Luxembourg, Luxembourg; École normale supérieure - C.N.R.S. - I.N.R.I.A., Département d'informatique, Groupe de cryptographi

International conference

8th International Conference, ACNS 2010 (8th International Conference on Applied Cryptography and Network Security)

Beijing

English

1-18

2010-06-22 (date first made available online on the Wanfang platform; not the paper's publication date)