Paper 2002/071

Further Results and Considerations on Side Channel Attacks on RSA

Vlastimil Klima and Tomas Rosa


This paper contains three parts. In the first part we present a new side channel attack on plaintext encrypted by EME-OAEP PKCS#1 v.2.1. In contrast with Manger's attack, we attack the part of the plaintext that is shielded by the OAEP method. In the second part we show that Bleichenbacher's and Manger's attacks on the RSA encryption schemes PKCS#1 v.1.5 and EME-OAEP PKCS#1 v.2.1 can be converted to an attack on the RSA signature scheme with any message encoding (not only PKCS). This is a new threat for those PKI implementations in which the roles of signature and encryption keys are not strictly separated. This situation is often encountered in the SSL protocol used to secure access to web servers. In the third part we deploy a general idea of fault-based attacks on the RSA-KEM scheme and present two particular attacks as examples. The result of these attacks is the private key, rather than the plaintext as in the attacks on PKCS#1 v.1.5 and v.2.1. These attacks should highlight the fact that the RSA-KEM scheme is not an entirely universal solution to the problems of RSAES-OAEP implementation and that even here the manner of implementation is significant.

Note: Several typos corrected.

Public-key cryptography
Publication info
Published elsewhere. Final version is to be published in proceedings of CHES 2002.
side channel attack, confirmation oracle, RSA-KEM, RSAES-OAEP, PKCS#1 v.1.5, PKCS#1 v.2.1, Bleichenbacher's attack, Manger's attack, power analysis, fault analysis
Contact author(s)
vlastimil klima @ i cz
2002-08-28: revised
2002-06-03: received
Creative Commons Attribution


      author = {Vlastimil Klima and Tomas Rosa},
      title = {Further Results and Considerations on Side Channel Attacks on RSA},
      howpublished = {Cryptology ePrint Archive, Paper 2002/071},
      year = {2002},
      note = {\url{}},
      url = {}