filename        : pkcs
title           : Chosen Ciphertext Attacks against Protocols Based on RSA Encryption Standard PKCS#1
author          : Daniel Bleichenbacher
type            : inproceedings
organization    : Lucent Technologies
booktitle       : Advances in Cryptology -- CRYPTO' 98
series          : Lecture Notes in Computer Science
publisher       : Springer-Verlag, Berlin
editor          : H. Krawczyk
volume          : 1462
pages           : 1-12
abstract        :

  This paper introduces a new adaptive chosen ciphertext attack
  against certain protocols based on RSA. We show that an RSA
  private-key operation can be performed if the attacker has access to
  an oracle that, for any chosen ciphertext, returns only one bit
  telling whether the ciphertext corresponds to some unknown block of
  data encrypted using PKCS #1. An example of a protocol susceptible to
  our attack is SSL V.3.0.