Index calculation attacks on RSA signature and encryption

Jean Sébastien Coron, David Naccache, Yvo Desmedt, Andrew Odlyzko, Julien P. Stern

Research output: Contribution to journalArticlepeer-review

6 Scopus citations


At Crypto '85, Desmedt and Odlyzko described a chosen-ciphertext attack against plain RSA encryption. The technique can also be applied to RSA signatures and enables an existential forgery under a chosen-message attack. The potential of this attack remained untapped until a twitch in the technique made it effective against two very popular RSA signature standards, namely iso/iec 9796-1 and iso/iec 9796-2. Following these attacks, iso/iec 9796-1 was withdrawn and ISO/IEC 9796-2 amended. In this paper, we explain in detail Desmedt and Odlyzko's attack as well as its application to the cryptanalysis of iso/iec 9796-2.

Original languageEnglish (US)
Pages (from-to)41-53
Number of pages13
JournalDesigns, Codes, and Cryptography
Issue number1
StatePublished - Jan 2006


  • Cryptanalsis
  • Forgery
  • ISO 9796
  • Index Calculation
  • RSA
  • Signature
  • Smoothness


Dive into the research topics of 'Index calculation attacks on RSA signature and encryption'. Together they form a unique fingerprint.

Cite this