Skip to main content
Book cover

Annual International Cryptology Conference

CRYPTO 2001: Advances in Cryptology — CRYPTO 2001 pp 230–238Cite as

A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0

  • Conference paper

    • We’re sorry, something doesn't seem to be working properly.

    Please try refreshing the page. If that doesn't work, please contact support so we can address the problem.

  • First Online:

Part of the Lecture Notes in Computer Science book series (LNCS,volume 2139)

Abstract

An adaptive chosen ciphertext attack against PKCS #1 v2.0 RSA OAEP encryption is described. It recovers the plaintext - not the private key - from a given ciphertext in a little over log2 n queries of an oracle implementing the algorithm, where n is the RSA modulus. The high likelihood of implementations being susceptible to this attack is explained as well as the practicality of the attack. Improvements to the algorithm to defend against the attack are discussed.

Keywords

  • chosen ciphertext attack
  • RSA
  • OAEP
  • PKCS

Download conference paper PDF

References

  1. D. Bleichenbacher: Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1. In Hugo Krawczyk (ed.), Advances in Cryptology-CRYPTO’ 98, pages 1–12, Berlin, Springer, 1998 (Lecture Notes in Computer Science, vol. 1462).

    CrossRef  Google Scholar 

  2. PKCS #1 v2.0: RSA Cryptography Standard, 1 October 1998. http://www.rsasecurity.com/rsalabs/pkcs/

  3. PKCS #1 v2.1 draft 2: RSA Cryptography Standard, 5 January 2001. http://www.rsasecurity.com/rsalabs/pkcs/

  4. IEEE 1363 draft 13: Standard Specifications for Public Key Cryptography, 12 November 1999. http://grouper.ieee.org/groups/1363/

  5. M. Bellare and P. Rogaway: Optimal Asymmetric Encryption Padding — How to Encrypt with RSA. In Advances in Cryptology — EUROCRYPT’ 94, pages 92–111, Springer-Verlag, 1994.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Telstra Research Laboratories, Level 7, 242 Exhibition Street, Melbourne, 3000, Australia

    James Manger

Authors
  1. James Manger
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Yianilos Labs., 707 State Rd., Rt. 206, Suite 212, Princeton, NJ, 08540, USA

    Joe Kilian

Rights and permissions

Reprints and Permissions

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Manger, J. (2001). A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0. In: Kilian, J. (eds) Advances in Cryptology — CRYPTO 2001. CRYPTO 2001. Lecture Notes in Computer Science, vol 2139. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44647-8_14

Download citation

  • DOI: https://doi.org/10.1007/3-540-44647-8_14

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42456-7

  • Online ISBN: 978-3-540-44647-7

  • eBook Packages: Springer Book Archive

We’re sorry, something doesn't seem to be working properly.

Please try refreshing the page. If that doesn't work, please contact support so we can address the problem.