Errors Matter: Breaking RSA-Based PIN Encryption with Thirty Ciphertext Validity Queries

  • Nigel P. Smart
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5985)


We show that one can recover the PIN from a standardized RSA-based PIN encryption algorithm from a small number of queries to a ciphertext validity checking oracle. The validity checking oracle required is rather special and we discuss whether such oracles could be obtained in the real world. Our method works using a minor extension to the ideas of Bleichenbacher and Manger, in particular we obtain information from negative, as well as positive, responses from the validity checking oracle.


Smart Card Error Matter Oracle Query Challenge Ciphertext Choose Ciphertext Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  2. 2.
    Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1–12. Springer, Heidelberg (1998)Google Scholar
  3. 3.
    Drimer, S., Murdoch, S.J., Anderson, R.: Thinking inside the box: system-level failures of tamper proofing. In: IEEE Symposium on Security and Privacy, pp. 281–295 (2008)Google Scholar
  4. 4.
    EMV. Integrated circuit card specifications for payment systems, Book 2. Security and Key Management. Version 4.2 (June 2008),
  5. 5.
    EMV. Integrated circuit card specifications for payment systems, Book 3. Application Specification. Version 4.2 (June 2008),
  6. 6.
    ISO 9564-2. Banking – Personal Identification Number management and security – Part 2: Approved algorithm(s) for PIN encipherment (2005),
  7. 7.
    Manger, J.: A chosen ciphertext attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as standardized in PKCS # 1 v2.0. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 230–238. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Radu, C.: Implementing electronic card payment systems. Artech House Publishers (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Nigel P. Smart
    • 1
  1. 1.Dept. Computer ScienceUniversity of BristolBristolUnited Kingdom

Personalised recommendations