Springer Verlag, Lecture Notes in Computer Science, p. 114-127
Full text: Download
This paper presents a new type of powerful cryptanalytic at- tacks on public-key cryptosystems, extending the more commonly stud- ied adaptive chosen-ciphertext attacks. In the new attacks, an adversary is not only allowed to submit to a decryption oracle (valid or invalid) ciphertexts of her choice, but also to emit a \dump query" prior to the completion of a decryption operation. The dump query returns interme- diate results that have not been erased in the course of the decryption operation, whereby allowing the adversary to gain vital advantages in breaking the cryptosystem. We believe that the new attack model approximates more closely existing security systems. We examine its power by demonstrating that most existing public-key cryptosystems, including OAEP-RSA, are vulnerable to our extended attacks.