Cryptology ePrint Archive: Report 2015/368

Breaking the Rabin-Williams digital signature system implementation in the Crypto++ library

Evgeny Sidorov

Abstract: This paper describes a bug in the implementation of the Rabin-Williams digital signature in the Crypto++ framework. The bug is in the misuse of the blinding technique that is intended to prevent timing attacks on the signature implementation, but which instead makes it possible to recover the private key given only two different signatures of the same message. The CVE identifier of the issue is CVE-2015-2141.
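As an added illustration that is not from the paper or from Crypto++, a toy Rabin-style signer over constructed primes shows why two distinct valid signatures of one message expose a prime factor of the modulus, together with the consistency check a defender can run against a signer. All parameters, the flawed signer model and the message hash are constructed for this example.

```python
from math import gcd

# Constructed toy parameters (not Crypto++'s, not from the paper): two primes
# congruent to 3 mod 4 so a square root is a single modular exponentiation.
P, Q = 1000003, 999983
N = P * Q


def crt(rp, rq):
    """Combine a root mod P and a root mod Q into a root mod N."""
    return (rp * Q * pow(Q, -1, P) + rq * P * pow(P, -1, Q)) % N


def rabin_square_roots(h):
    """All four square roots of h mod N. Requires h to be a quadratic residue
    mod both primes (Rabin-Williams adjusts h by factors in {+-1} and {1,2}
    so that this holds; here the caller supplies a residue directly)."""
    rp, rq = pow(h, (P + 1) // 4, P), pow(h, (Q + 1) // 4, Q)
    if rp * rp % P != h % P or rq * rq % Q != h % Q:
        raise ValueError("h is not a quadratic residue mod both primes")
    return [crt(rp, rq), crt(rp, -rq), crt(-rp, rq), crt(-rp, -rq)]


def flawed_sign(h, choice):
    """Model (hypothetical) of a signer whose root selection depends on
    per-call randomness: the failure mode the abstract describes."""
    return rabin_square_roots(h)[choice % 4]


def recover_factor(n, s1, s2):
    """Two valid signatures of one hash satisfy s1^2 == s2^2 (mod n).
    If s1 != +-s2, then s1 - s2 shares exactly one prime with n."""
    if pow(s1, 2, n) != pow(s2, 2, n):
        raise ValueError("not signatures of the same value")
    if s1 == s2 or (s1 + s2) % n == 0:
        return None  # trivially related roots leak nothing
    f = gcd(s1 - s2, n)
    return f if 1 < f < n else None


def signer_is_consistent(sign, h, trials=8):
    """Defensive check: a correct signer is deterministic in its root choice,
    so repeated signing of the same hash must always return the same value."""
    first = sign(h, 0)
    return all(sign(h, i) == first for i in range(1, trials))


# Constructed message hash, built as a square so it is a residue mod N.
H = pow(123456789, 2, N)
```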

Category / Keywords: implementation / cryptanalysis, digital signatures, implementation

Date: received 22 Apr 2015

Contact author: e-sidorov at yandex-team com

Available format(s): PDF | BibTeX Citation

Version: 20150423:131328

