1999 | OriginalPaper | Book chapter
On the Security of RSA Padding
Written by: Jean-Sébastien Coron, David Naccache, Julien P. Stern
Published in: Advances in Cryptology — CRYPTO’ 99
Publisher: Springer Berlin Heidelberg
Included in: Professional Book Archive
This paper presents a new signature forgery strategy. The attack is a sophisticated variant of Desmedt-Odlyzko’s method [11] where the attacker obtains the signatures of m_1, ..., m_{τ−1} and exhibits the signature of an m_τ which was never submitted to the signer; we assume that all messages are padded by a redundancy function µ before being signed. Before interacting with the signer, the attacker selects τ smooth µ(m_i)-values and expresses µ(m_τ) as a multiplicative combination of the padded strings µ(m_1), ..., µ(m_{τ−1}). The signature of m_τ is then forged using the homomorphic property of RSA. For DIN NI-17.4, PKCS #1 v2.0 and SSL-3.0, the attack is only theoretical since it only applies to specific moduli and happens to be less efficient than factoring; therefore, the attack does not endanger any of these standards.