Side-Channel Attacks on Textbook RSA and ElGamal Encryption
This paper describes very efficient attacks on plain RSA encryption as it is usually described in textbooks. These attacks exploit side channels caused by implementations that, during decryption, incorrectly make certain assumptions about the size of the message. We highlight different assumptions that are easily made when implementing plain RSA decryption and present corresponding attacks.
These attacks make clear that plain RSA is itself a padding scheme whose output has to be checked carefully during decryption, rather than simply assuming a length for the transported message.
Furthermore, we note that the attacks presented here also work, with only minimal changes, against a similar setting of ElGamal encryption.
Keywords: RSA encryption, ElGamal encryption, Side-channel attack
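The following Python block is an added example, not code from the paper or from any of the systems it analyses. It constructs the kind of size assumption the abstract refers to: a textbook RSA decryptor that converts the recovered integer into exactly k-1 bytes, k being the byte length of the modulus, and therefore fails with an error whenever the plaintext is at least B = 2^(8(k-1)). That success/failure bit is a "is f·m mod n smaller than B?" oracle, and the block recovers m from a single ciphertext with Manger's adaptive chosen-ciphertext attack (CRYPTO 2001), which needs about log2(n) plus a few hundred queries. A second decryptor that always returns all k bytes shows the check that removes the oracle. The key size, seed, Miller-Rabin key generation, sample message and all function names are assumptions made for this demo (the message is constructed); the ElGamal variant mentioned in the abstract is not shown.

```python
import random
# Everything here is constructed for this example; the seeded PRNG only makes
# the run reproducible (real keys: CSPRNG and a larger modulus).

def is_probable_prime(n, rng, rounds=32):   # Miller-Rabin for odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand

def keygen(bits=512, seed=7):
    """Textbook RSA key pair: returns ((n, e), (n, d))."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:        # e is prime, so this is gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))

def modulus_bytes(n):
    return (n.bit_length() + 7) // 8

def textbook_decrypt_leaky(priv, c):
    """The size assumption the abstract warns about: the implementer 'knows'
    messages are one byte shorter than the modulus and converts the recovered
    integer into exactly k-1 bytes; any plaintext >= 2^(8(k-1)) makes
    int.to_bytes raise OverflowError, and that error reaches the sender."""
    n, d = priv
    return pow(c, d, n).to_bytes(modulus_bytes(n) - 1, "big")

def textbook_decrypt_fixed(priv, c):
    """Without the assumption: always return all k bytes, zero-padded, so no
    ciphertext fails and the oracle below disappears."""
    n, d = priv
    return pow(c, d, n).to_bytes(modulus_bytes(n), "big")

def make_length_oracle(priv):
    """What the attacker observes: decryption succeeded or it did not."""
    def oracle(c):
        try:
            textbook_decrypt_leaky(priv, c)
            return True               # plaintext < B = 2^(8(k-1))
        except OverflowError:
            return False              # plaintext >= B
    return oracle

def manger_attack(pub, c, oracle):
    """Recover m from c with Manger's attack (CRYPTO 2001) using only the
    answer to 'is f*m mod n < B?'. Needs 2B < n and m < B."""
    n, e = pub
    B = 1 << (8 * (modulus_bytes(n) - 1))
    assert 2 * B < n
    queries = 0
    def lt_B(f):                      # blinded query: c' = f^e * c mod n
        nonlocal queries
        queries += 1
        return oracle(pow(f, e, n) * c % n)
    ceil_div = lambda a, b: -(-a // b)
    f1 = 2                            # step 1: find f1 with f1*m in [B, 2B)
    while lt_B(f1):
        f1 *= 2
    half = f1 // 2                    # half*m lies in [B/2, B)
    f2 = ((n + B) // B) * half        # step 2: push f2*m into [n, n+B)
    while not lt_B(f2):
        f2 += half
    m_min, m_max = ceil_div(n, f2), (n + B) // f2
    while m_min < m_max:              # step 3: each query about halves the interval
        ftmp = 2 * B // (m_max - m_min)
        i = ftmp * m_min // n
        f3 = ceil_div(i * n, m_min)   # f3*m lies in [i*n, i*n + ~2B)
        if lt_B(f3):
            m_max = (i * n + B) // f3
        else:
            m_min = ceil_div(i * n + B, f3)
    return m_min, queries

def demo():
    # Encrypt a constructed sample message and recover it through the oracle.
    pub, priv = keygen()
    m = int.from_bytes(b"constructed sample: session key 0xDEADBEEF", "big")
    recovered, queries = manger_attack(pub, pow(m, pub[1], pub[0]), make_length_oracle(priv))
    return recovered == m, queries
```

Calling demo() returns (True, q) with q in the high hundreds for this key. It does not matter whether the failure reaches the attacker as an explicit error, a different response message, or a timing difference: the attack needs exactly one bit per query. Against textbook_decrypt_fixed every query succeeds, so step 1 of the attack never terminates and the attacker learns nothing; whatever layer then interprets the k bytes has to do so without branching on their content or length.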