Robots and Random Oracles: The Good and The Bad of Public Key Cryptography

We have a major problem with RSA public key encryption, and it focuses on the padding method used for the ciphered message. The main standard for formating an encrypted message is defined in PKCS (Public Key Cryptography Standards) #1. Overall there are two main methods: v1.5 and v2 (RSAES-OAEP). Unfortunately, the 1.5 standard — which was the first to be defined — but has been shown to be fairly easy to crack.

The main weakness of v1.5 is the Bleichenbacher’s attack [here] and which has been known about for over 20 years. It has been at the core of many attacks on SSL. It returned back in 2017 in the form of ROBOT (Return Of Bleichenbacher’s Oracle Threat https://robotattack.org/). The problem with v1.5 focuses on at the starting hex sequence of “00” “02” [RFC 2313]:

Optimal Asymmetric Encryption Padding (PKCS #1 v2)

Optimal Asymmetric Encryption Padding (OAEP) allows for a message to be encrypted using RSA. It thus uses RSA encryption and integrates a padding scheme. It was defined by Bellare and Rogaway, and has been standardized in PKCS#1 v2 and RFC 2437 [here]. We…