Bleichenbacher伪造攻击分析

The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI:10.1109/ARES.2007.38

T. Izu, M. Takenaka, Takeshi Shimoyama

{"title":"Bleichenbacher伪造攻击分析","authors":"T. Izu, M. Takenaka, Takeshi Shimoyama","doi":"10.1109/ARES.2007.38","DOIUrl":null,"url":null,"abstract":"In 2006, Bleichenbacher presented a new forgery attack against the signature scheme RSASSA-PKCS1-v1_5. The attack allows an adversary to forge a signature on almost arbitrary messages, if an implementation is not proper. Since the example was only limited to the case when the public exponent is 3 and the bit-length of the public composite is 3072, a potential threat is not known. This paper analyzes Bleichenbacher's forgery attack and shows applicable composite sizes for given exponents. We also propose two extended attacks with numerical examples","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Analysis on Bleichenbacher's Forgery Attack\",\"authors\":\"T. Izu, M. Takenaka, Takeshi Shimoyama\",\"doi\":\"10.1109/ARES.2007.38\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In 2006, Bleichenbacher presented a new forgery attack against the signature scheme RSASSA-PKCS1-v1_5. The attack allows an adversary to forge a signature on almost arbitrary messages, if an implementation is not proper. Since the example was only limited to the case when the public exponent is 3 and the bit-length of the public composite is 3072, a potential threat is not known. This paper analyzes Bleichenbacher's forgery attack and shows applicable composite sizes for given exponents. We also propose two extended attacks with numerical examples\",\"PeriodicalId\":383015,\"journal\":{\"name\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"volume\":\"39 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-04-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2007.38\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The Second International Conference on Availability, Reliability and Security (ARES'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2007.38","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

2006年，Bleichenbacher提出了一种新的针对签名方案RSASSA-PKCS1-v1_5的伪造攻击。如果实现不正确，攻击者几乎可以对任意消息伪造签名。由于该示例仅局限于公共指数为3且公共组合的位长为3072的情况，因此不知道潜在的威胁。本文分析了Bleichenbacher伪造攻击，并给出了给定指数下适用的复合大小。我们还提出了两种扩展的攻击方法，并给出了数值例子

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Analysis on Bleichenbacher's Forgery Attack

In 2006, Bleichenbacher presented a new forgery attack against the signature scheme RSASSA-PKCS1-v1_5. The attack allows an adversary to forge a signature on almost arbitrary messages, if an implementation is not proper. Since the example was only limited to the case when the public exponent is 3 and the bit-length of the public composite is 3072, a potential threat is not known. This paper analyzes Bleichenbacher's forgery attack and shows applicable composite sizes for given exponents. We also propose two extended attacks with numerical examples

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

The Second International Conference on Availability, Reliability and Security (ARES'07)

自引率

0.00%

发文量