Paper 2010/135

On The Broadcast and Validity-Checking Security of PKCS \#1 v1.5 Encryption

Aurélie Bauer, Jean-Sébastien Coron, David Naccache, Mehdi Tibouchi, and Damien Vergnaud

Abstract

This paper describes new attacks on PKCS \#1 v1.5, a deprecated but still widely used RSA encryption standard. The first cryptanalysis is a broadcast attack, allowing the opponent to reveal an identical plaintext sent to different recipients. This is nontrivial because different randomizers are used for different encryptions (in other words, plaintexts coincide only partially). The second attack predicts, using a single query to a validity checking oracle, which of two chosen plaintexts corresponds to a challenge ciphertext. The attack's success odds are very high. The two new attacks rely on different mathematical tools and underline the need to accelerate the phase out of PKCS \#1 v1.5.

Metadata
Available format(s)
PDF PS
Category
Public-key cryptography
Publication info
Published elsewhere. To appear in the proceedings of ACNS 2010 (full version)
Keywords
PKCS \#1 v1.5EncryptionBroadcast EncryptionCryptanalysis
Contact author(s)
aurelie bauer @ ens fr
History
2010-04-14: revised
2010-03-12: received
See all versions
Short URL
https://ia.cr/2010/135
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/135,
      author = {Aurélie Bauer and Jean-Sébastien Coron and David Naccache and Mehdi Tibouchi and Damien Vergnaud},
      title = {On The Broadcast and Validity-Checking Security of PKCS \#1 v1.5 Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2010/135},
      year = {2010},
      note = {\url{https://eprint.iacr.org/2010/135}},
      url = {https://eprint.iacr.org/2010/135}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.