Errors Matter: Breaking RSA-Based PIN Encryption with Thirty Ciphertext Validity Queries

* Final gross prices may vary according to local VAT.

Get Access

Abstract

We show that one can recover the PIN from a standardized RSA-based PIN encryption algorithm from a small number of queries to a ciphertext validity checking oracle. The validity checking oracle required is rather special and we discuss whether such oracles could be obtained in the real world. Our method works using a minor extension to the ideas of Bleichenbacher and Manger, in particular we obtain information from negative, as well as positive, responses from the validity checking oracle.