Errors Matter: Breaking RSA-Based PIN Encryption with Thirty Ciphertext Validity Queries

Smart, Nigel P.

doi:10.1007/978-3-642-11925-5_2

Nigel P. Smart¹⁷

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 5985))

Included in the following conference series:

Cryptographers’ Track at the RSA Conference

1680 Accesses
4 Citations

Abstract

We show that one can recover the PIN from a standardized RSA-based PIN encryption algorithm from a small number of queries to a ciphertext validity checking oracle. The validity checking oracle required is rather special and we discuss whether such oracles could be obtained in the real world. Our method works using a minor extension to the ideas of Bleichenbacher and Manger, in particular we obtain information from negative, as well as positive, responses from the validity checking oracle.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)
Chapter Google Scholar
Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1–12. Springer, Heidelberg (1998)
Google Scholar
Drimer, S., Murdoch, S.J., Anderson, R.: Thinking inside the box: system-level failures of tamper proofing. In: IEEE Symposium on Security and Privacy, pp. 281–295 (2008)
Google Scholar
EMV. Integrated circuit card specifications for payment systems, Book 2. Security and Key Management. Version 4.2 (June 2008), www.emvco.com
EMV. Integrated circuit card specifications for payment systems, Book 3. Application Specification. Version 4.2 (June 2008), www.emvco.com
ISO 9564-2. Banking – Personal Identification Number management and security – Part 2: Approved algorithm(s) for PIN encipherment (2005), www.iso.org
Manger, J.: A chosen ciphertext attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as standardized in PKCS # 1 v2.0. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 230–238. Springer, Heidelberg (2001)
Chapter Google Scholar
Radu, C.: Implementing electronic card payment systems. Artech House Publishers (2002)
Google Scholar

Download references

Author information

Authors and Affiliations

Dept. Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom
Nigel P. Smart

Authors

Nigel P. Smart
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computing, Macquarie University, NSW 2109, Sydney, Australia
Josef Pieprzyk

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Smart, N.P. (2010). Errors Matter: Breaking RSA-Based PIN Encryption with Thirty Ciphertext Validity Queries. In: Pieprzyk, J. (eds) Topics in Cryptology - CT-RSA 2010. CT-RSA 2010. Lecture Notes in Computer Science, vol 5985. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11925-5_2

Download citation

DOI: https://doi.org/10.1007/978-3-642-11925-5_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11924-8
Online ISBN: 978-3-642-11925-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics