Abstract
This paper contains three parts. In the first part we present a new side channel attack on a plaintext encrypted by EME-OAEP PKCS#1 v.2.1. In contrast with Manger's attack, we attack the part of the plaintext that is shielded by the OAEP method. In the second part we show that Bleichenbacher's and Manger's attacks on the RSA encryption schemes PKCS#1 v.1.5 and EME-OAEP PKCS#1 v.2.1 can be converted into an attack on the RSA signature scheme with any message encoding (not only PKCS). In the third part we deploy a general idea of fault-based attacks on the RSA-KEM scheme and present two particular attacks as examples. The result is the private key rather than the plaintext, as in the attacks on PKCS#1 v.1.5 and v.2.1. These attacks should highlight the fact that the RSA-KEM scheme is not an entirely universal solution to the problems of RSAES-OAEP implementation and that even here the manner of implementation is significant.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Klíma, V., Rosa, T. (2003). Further Results and Considerations on Side Channel Attacks on RSA. In: Kaliski, B.S., Koç, Ç.K., Paar, C. (eds) Cryptographic Hardware and Embedded Systems - CHES 2002. CHES 2002. Lecture Notes in Computer Science, vol 2523. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36400-5_19
DOI: https://doi.org/10.1007/3-540-36400-5_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00409-7
Online ISBN: 978-3-540-36400-9
eBook Packages: Springer Book Archive