Weaknesses in Current RSA Signature Schemes
In: Information Security and Cryptology-ICISC 2011 ISBN: 9783642319112 ICISC; (2012)
This work presents several classes of messages that leak data during modular exponentiation. Such messages allow the entire secret exponent to be recovered from a single power measurement. We show that padding schemes defined by industry standards such as PKCS#1 and ANSI X9.31 are vulnerable to side-channel attacks, since the padded messages they produce fall into these classes. Although PKCS#1 states that there are no known attacks against RSASSA-PKCS1-v1_5, the EMSA-PKCS1-v1_5 encoding in fact makes the scheme vulnerable to side-channel analysis. These attacks were validated against a real-world smartcard system, the Infineon SLE78, running our proof-of-concept implementation. Additionally, we introduce methods for the elegant recovery of the full RSA private key from blinded RSA-CRT exponents.
| Field | Value |
|---|---|
| Title | Weaknesses in Current RSA Signature Schemes |
| Authors / contributors | Seifert, Jean-Pierre; Krämer, Juliane; Nedospasov, Dmitry |
| Source | Information Security and Cryptology-ICISC 2011 ISBN: 9783642319112 ICISC; (2012) |
| Publisher | Springer Berlin Heidelberg, 2012 |
| Media type | unknown |
| ISBN | 978-3-642-31911-2 (print) |
| DOI | 10.1007/978-3-642-31912-9_11 |