Corpus ID: 3697345

Variants of Bleichenbacher's Low-Exponent Attack on PKCS#1 RSA Signatures

@inproceedings{Khn2008VariantsOB,
  title={Variants of Bleichenbacher's Low-Exponent Attack on PKCS#1 RSA Signatures},
  author={Ulrich K{\"u}hn and A. Pyshkin and E. Tews and R. Weinmann},
  booktitle={Sicherheit},
  year={2008}
}
We give three variants and improvements of Bleichenbacher’s low-exponent attack from CRYPTO 2006 on PKCS#1 v1.5 RSA signatures. For each of these three variants the fake signature representatives are accepted as valid by a flawed implementation. Our attacks work against much shorter keys as Bleichenbacher’s original attack, i.e. even for usual 1024 bit RSA keys. The first two variants can be used to break a certificate chain for vulnerable implementations, if the CA uses a public exponent of 3… Expand
7 Citations

References

SHOWING 1-10 OF 15 REFERENCES
TWENTY YEARS OF ATTACKS ON THE RSA CRYPTOSYSTEM
  • 606
  • PDF
Collision-Resistant Hashing: Towards Making UOWHFs Practical
  • 245
  • PDF
PKCS # 1 : RSA Encryption Standard
  • 31
RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)
  • 45
  • PDF
Bleichenbacher's RSA signature forgery based on implementation error. Post to the IETF OpenPGP mailing list
  • Bleichenbacher's RSA signature forgery based on implementation error. Post to the IETF OpenPGP mailing list
  • 2006
Bleichenbacher’s RSA signature forgery based on implementation error
  • Post to the IETF OpenPGP mailing list, August
  • 2006
GNUTLS-SA-2006-4 vulnerability report
  • Post to the gnutls-dev mailing list, September
  • 2006
GNUTLS-SA-2006-4 vulnerability report. Post to the gnutls-dev mailing list
  • GNUTLS-SA-2006-4 vulnerability report. Post to the gnutls-dev mailing list
  • 2006
Re: Why the exponent 3 error happened
  • Post to cryptography mailing list, September
  • 2006
Re: Why the exponent 3 error happened. Post to cryptography mailing list
  • Re: Why the exponent 3 error happened. Post to cryptography mailing list
  • 2006
...
1
2
...