Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Attacking the Diebold Signature Variant -- RSA Signatures with Unverified High-order Padding

Ryan W. Gardner, Tadayoshi Kohno, Alec Yasinsac

TL;DR

An very mathematically simple attack is presented that enables an adversary to forge signatures on arbitrary messages in a negligible amount of time.

Abstract

We examine a natural but improper implementation of RSA signature verification deployed on the widely used Diebold Touch Screen and Optical Scan voting machines. In the implemented scheme, the verifier fails to examine a large number of the high-order bits of signature padding and the public exponent is three. We present an very mathematically simple attack that enables an adversary to forge signatures on arbitrary messages in a negligible amount of time.

Attacking the Diebold Signature Variant -- RSA Signatures with Unverified High-order Padding

TL;DR

An very mathematically simple attack is presented that enables an adversary to forge signatures on arbitrary messages in a negligible amount of time.

Abstract

We examine a natural but improper implementation of RSA signature verification deployed on the widely used Diebold Touch Screen and Optical Scan voting machines. In the implemented scheme, the verifier fails to examine a large number of the high-order bits of signature padding and the public exponent is three. We present an very mathematically simple attack that enables an adversary to forge signatures on arbitrary messages in a negligible amount of time.
Paper Structure (4 sections, 12 equations)

This paper contains 4 sections, 12 equations.

Table of Contents

  1. Background
  2. Construction
  3. Attack
  4. Conclusion