Side-Channel Attacks on Textbook RSA and ElGamal Encryption

This paper describes very efficient attacks on plain RSA encryption as usually described in textbooks. These attacks exploit side channels caused by implementations that, during decryption, incorrectly make certain assumptions about the size of the message. We highlight different assumptions that are easily made when implementing plain RSA decryption and present corresponding attacks. These attacks make clear that plain RSA is a padding scheme that has to be checked carefully during decryption instead of simply assuming a length of the transported message. Furthermore, we note that the attacks presented here also work against a similar setting of ElGamal encryption with only minimal changes.
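The contrast the abstract draws, a decryption routine that assumes the length of the transported message versus one that checks it, is sketched below as an added example; it is not code from the paper. The toy modulus, the 16-byte key size and all function names are assumptions made for illustration.

```python
# Toy textbook RSA (constructed parameters, far too small for real use).
P = 2**127 - 1          # Mersenne prime
Q = 2**89 - 1           # Mersenne prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
KEY_BYTES = 16          # assumed size of the transported session key


def encrypt(m: int) -> int:
    """Plain RSA encryption: no padding, m must be below N."""
    if not 0 <= m < N:
        raise ValueError("message out of range")
    return pow(m, E, N)


def decrypt_assuming_length(c: int) -> bytes:
    """Weak: keeps the low KEY_BYTES bytes and ignores whatever is above."""
    m = pow(c, D, N)
    return (m % (1 << (8 * KEY_BYTES))).to_bytes(KEY_BYTES, "big")


def decrypt_checking_length(c: int) -> bytes:
    """Hardened: the upper bits are implicit zero padding and are verified."""
    if not 0 <= c < N:
        raise ValueError("ciphertext out of range")
    m = pow(c, D, N)
    if m.bit_length() > 8 * KEY_BYTES:
        raise ValueError("decrypted value exceeds expected key length")
    return m.to_bytes(KEY_BYTES, "big")


def demo() -> dict:
    key = bytes(range(KEY_BYTES))            # constructed sample key
    k = int.from_bytes(key, "big")
    well_formed = encrypt(k)
    oversized = encrypt(k + (1 << 130))      # same low bytes, extra high bit
    try:
        decrypt_checking_length(oversized)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "well_formed_ok": decrypt_checking_length(well_formed) == key,
        "weak_accepts_oversized": decrypt_assuming_length(oversized) == key,
        "strict_rejects_oversized": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The weak routine returns the same key for two different plaintexts, so a malformed message is indistinguishable from a well-formed one; the checking routine treats the bits above the key as padding and rejects anything that does not match.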
