Topics in Cryptology - CT-RSA 2010

Volume 5985 of the series Lecture Notes in Computer Science pp 15-25

Errors Matter: Breaking RSA-Based PIN Encryption with Thirty Ciphertext Validity Queries

  • Nigel P. SmartAffiliated withDept. Computer Science, University of Bristol

* Final gross prices may vary according to local VAT.

Get Access


We show that one can recover the PIN from a standardized RSA-based PIN encryption algorithm from a small number of queries to a ciphertext validity checking oracle. The validity checking oracle required is rather special and we discuss whether such oracles could be obtained in the real world. Our method works using a minor extension to the ideas of Bleichenbacher and Manger, in particular we obtain information from negative, as well as positive, responses from the validity checking oracle.