Section: New Results
New Attacks on RSA PKCS#1v1.5 (Objective 2)
Participants: Graham Steel [correspondant], Romain Bardou.
RSA PKCS#1v1.5 is the most commonly used standard for public-key encryption, used for example in TLS/SSL. It has been known to be vulnerable to a so-called padding-oracle attack since 1998, when Bleichenbacher described the vulnerability at CRYPTO. The attack, known as the “million message attack”, was not thought to present a practical threat, due in part to the large number of oracle messages required. In a paper published at CRYPTO 2012 we gave original modifications to the attack showing how it can be completed in a median of just 15 000 messages. The results led to widespread interest, indicated by over 1400 downloads of the long version of the paper from the HAL webpage and articles in the New York Times, Boston Globe and Süddeutsche Zeitung.
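To make the oracle concrete, here is an added example (not code from the paper or its authors) of the PKCS#1 v1.5 padding layer in Python: a textbook unpadding routine whose pass/fail outcome is the single bit a padding oracle leaks, beside the TLS countermeasure of returning a random value instead of an error. RSA decryption itself is left out; the functions operate on the already-decrypted block, and the message and block size are constructed values.

```python
import secrets

# PKCS#1 v1.5 encryption block (RFC 8017, section 7.2), k = modulus length in bytes:
#   EM = 0x00 || 0x02 || PS || 0x00 || M     with PS at least 8 non-zero bytes.
# RSA itself is omitted: these functions work on the already-decrypted block.

def pkcs1_v15_pad(message: bytes, k: int) -> bytes:
    """Build a conforming k-byte encryption block around message."""
    ps_len = k - 3 - len(message)
    if ps_len < 8:
        raise ValueError("message too long for this modulus size")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))  # non-zero bytes only
    return b"\x00\x02" + ps + b"\x00" + message

def leaky_unpad(em: bytes) -> bytes:
    """Textbook check: fails loudly on any defect. Each distinguishable failure
    (an error code, a different alert, a timing difference) is the oracle bit."""
    if em[0:2] != b"\x00\x02":
        raise ValueError("bad block type")
    sep = em.find(b"\x00", 2)  # -1 if there is no separator at all
    if sep < 10:               # separator must follow at least 8 bytes of PS
        raise ValueError("bad padding string")
    return em[sep + 1:]

def padding_is_valid(em: bytes) -> bool:
    """Exactly what a network peer learns when leaky_unpad's outcome is observable."""
    try:
        leaky_unpad(em)
        return True
    except ValueError:
        return False

def hardened_unpad(em: bytes, expected_len: int) -> bytes:
    """TLS countermeasure (RFC 5246, section 7.4.7.1): no error path at all.
    Every defect is folded into one flag and a fresh random value of the expected
    length is returned instead, so the peer sees the same behaviour for conforming
    and non-conforming blocks. Python cannot guarantee constant time; the point
    shown here is the uniform control flow with no early exit."""
    fallback = secrets.token_bytes(expected_len)
    bad = em[0] | (em[1] ^ 0x02)           # non-zero if the header is wrong
    sep = -1
    for i in range(2, len(em)):            # full scan, no early exit
        if sep == -1 and em[i] == 0:
            sep = i
    bad |= sep < 10                        # covers "no separator" (-1) and short PS
    msg = em[sep + 1:] if sep != -1 else b""
    bad |= len(msg) != expected_len        # TLS also fixes the premaster length
    return fallback if bad else msg
```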