Extending Bleichenbacher's Forgery Attack

概要

論文の詳細を見る
In 2006 Bleichenbacher presented a new forgery attack against the signature scheme RSASSA-PKCS1-v1_5. The attack allows an adversary to forge a signature on almost arbitrary messages if an implementation is not proper. Since the example was only limited to the case when the public exponent is 3 and the bit-length of the public composite is 3 072 the potential threat is not known. This paper analyzes Bleichenbacher's forgery attack and shows applicable composite sizes for given exponents. Moreover we extend Bleichenbacher's attack and show that when 1 024-bit composite and the public exponent 3 are used the extended attack succeeds the forgery with the probability 2<sup>-16.6</sup>.
一般社団法人情報処理学会の論文
2008-09-15