Errors Matter: Breaking RSA-Based PIN Encryption with Thirty Ciphertext Validity Queries
We show that one can recover the PIN from a standardized RSA-based PIN encryption algorithm from a small number of queries to a ciphertext validity checking oracle. The validity checking oracle required is rather special and we discuss whether such oracles could be obtained in the real world. Our method works using a minor extension to the ideas of Bleichenbacher and Manger, in particular we obtain information from negative, as well as positive, responses from the validity checking oracle.
Unable to display preview. Download preview PDF.
- 2.Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1–12. Springer, Heidelberg (1998)Google Scholar
- 3.Drimer, S., Murdoch, S.J., Anderson, R.: Thinking inside the box: system-level failures of tamper proofing. In: IEEE Symposium on Security and Privacy, pp. 281–295 (2008)Google Scholar
- 4.EMV. Integrated circuit card specifications for payment systems, Book 2. Security and Key Management. Version 4.2 (June 2008), www.emvco.com
- 5.EMV. Integrated circuit card specifications for payment systems, Book 3. Application Specification. Version 4.2 (June 2008), www.emvco.com
- 6.ISO 9564-2. Banking – Personal Identification Number management and security – Part 2: Approved algorithm(s) for PIN encipherment (2005), www.iso.org
- 8.Radu, C.: Implementing electronic card payment systems. Artech House Publishers (2002)Google Scholar