International Association for Cryptologic Research

Paper: Further Results and Considerations on Side Channel Attacks on RSA

Vlastimil Klima
Tomas Rosa
Abstract: This paper contains three parts. In the first part we present a new side channel attack on plaintext encrypted by EME-OAEP PKCS#1 v.2.1. In contrast with Manger's attack, we attack that part of the plaintext, which is shielded by the OAEP method. In the second part we show that Bleichenbacher's and Manger's attack on the RSA encryption scheme PKCS#1 v.1.5 and EME-OAEP PKCS#1 v.2.1 can be converted to an attack on the RSA signature scheme with any message encoding (not only PKCS). This is a new threat for those implementations of PKI, in which the roles of signature and encryption keys are not strictly separated. This situation is often encountered in the SSL protocol used to secure access to web servers. In the third part we deploy a general idea of fault-based attacks on the RSA-KEM scheme and present two particular attacks as the examples. The result is the private key instead of the plaintext as with attacks on PKCS#1 v.1.5 and v.2.1. These attacks should highlight the fact that the RSA-KEM scheme is not an entirely universal solution to problems of RSAES-OAEP implementation and that even here the manner of implementation is significant.
  title={Further Results and Considerations on Side Channel Attacks on RSA},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / side channel attack, confirmation oracle, RSA-KEM, RSAES-OAEP, PKCS#1 v.1.5, PKCS#1 v.2.1, Bleichenbacher's attack, Manger's attack, power analysis, fault analysis},
  note={Final version is to be published in proceedings of CHES 2002. 11927 received 23 May 2002, last revised 28 Aug 2002},
  author={Vlastimil Klima and Tomas Rosa},