A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf
.
On the Insecurity of a Server-Aided RSA Protocol
[chapter]
2001
Lecture Notes in Computer Science
At Crypto '88, Matsumoto, Kato and Imai proposed a protocol, known as RSA-S1, in which a smart card computes an RSA signature, with the help of an untrusted powerful server. There exist two kinds of attacks against such protocols: passive attacks (where the server does not deviate from the protocol) and active attacks (where the server may return false values). Pfitzmann and Waidner presented at Eurocrypt '92 a passive meet-in-the-middle attack and a few active attacks on RSA-S1. They discussed
doi:10.1007/3-540-45682-1_2
fatcat:5eiv2wb7ircjpbjxr2ustewuiu