Abstract
At Crypto '85, Desmedt and Odlyzko described a chosen-ciphertext attack against plain RSA encryption. The technique can also be applied to RSA signatures and enables an existential forgery under a chosen-message attack. The potential of this attack remained untapped until a twitch in the technique made it effective against two very popular RSA signature standards, namely iso/iec 9796-1 and iso/iec 9796-2. Following these attacks, iso/iec 9796-1 was withdrawn and ISO/IEC 9796-2 amended. In this paper, we explain in detail Desmedt and Odlyzko's attack as well as its application to the cryptanalysis of iso/iec 9796-2.
Original language | English (US) |
---|---|
Pages (from-to) | 41-53 |
Number of pages | 13 |
Journal | Designs, Codes, and Cryptography |
Volume | 38 |
Issue number | 1 |
DOIs | |
State | Published - Jan 2006 |
Keywords
- Cryptanalsis
- Forgery
- ISO 9796
- Index Calculation
- RSA
- Signature
- Smoothness