HOME

TheInfoList



Click Here for Items Related To - Daniel Bleichenbacher
OR:
Daniel Bleichenbacher on:   [Wikipedia]   [Google]   [Amazon]

Daniel Bleichenbacher (born 1964) is a
Swiss Swiss most commonly refers to: * the adjectival form of Switzerland * Swiss people Swiss may also refer to: Places * Swiss, Missouri * Swiss, North Carolina * Swiss, West Virginia * Swiss, Wisconsin Other uses * Swiss Café, an old café located ...
cryptographer Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adversarial behavior. More gen ...
, previously a researcher at
Bell Labs Nokia Bell Labs, commonly referred to as ''Bell Labs'', is an American industrial research and development company owned by Finnish technology company Nokia. With headquarters located in Murray Hill, New Jersey, Murray Hill, New Jersey, the compa ...
and
Google Google LLC (, ) is an American multinational corporation and technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, consumer electronics, and artificial ...
, and currently employed at Cure53. He received his Ph.D. from
ETH Zurich ETH Zurich (; ) is a public university in Zurich, Switzerland. Founded in 1854 with the stated mission to educate engineers and scientists, the university focuses primarily on science, technology, engineering, and mathematics. ETH Zurich ran ...
in 1996 for contributions to computational number theory, particularly concerning message verification in the ElGamal and RSA public-key cryptosystems. His doctoral advisor was
Ueli Maurer Ulrich "Ueli" Maurer (; born 1 December 1950) is a Swiss politician who served as a List of members of the Swiss Federal Council, Member of the Swiss Federal Council from 2009 to 2022. A member of the Swiss People's Party (SVP/UDC), he was Pres ...
.


RSA Attacks

Bleichenbacher is particularly notable for devising attacks against the RSA public-key cryptosystem, namely when used with the PKCS#1 v1 standard published by RSA Laboratories. These attacks were able to break both RSA encryption and signatures produced using the PKCS #1 standard.


BB'98 attack: chosen ciphertext attack against the RSA PKCS#1 encryption standard

In 1998, Daniel Bleichenbacher demonstrated a practical attack against systems using RSA encryption in concert with the PKCS #1 encoding function, including a version of the
Secure Sockets Layer Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over IP, ...
(SSL) protocol used by thousands of
web server A web server is computer software and underlying Computer hardware, hardware that accepts requests via Hypertext Transfer Protocol, HTTP (the network protocol created to distribute web content) or its secure variant HTTPS. A user agent, co ...
s at the time. This attack was the first practical reason to consider
adaptive chosen-ciphertext attack An adaptive chosen-ciphertext attack (abbreviated as CCA2) is an interactive form of chosen-ciphertext attack in which an attacker first sends a number of ciphertexts to be decrypted chosen adaptively, and then uses the results to distinguish a ta ...
s.


BB'06 attack: signature forgery attack against the RSA PKCS#1 signature standard

In 2006 at a rump session at
CRYPTO Crypto commonly refers to: * Cryptography, the practice and study of hiding information * Cryptocurrency, a type of digital currency based on cryptography Crypto or krypto may also refer to: Cryptography * Cryptanalysis, the study of methods f ...
, Bleichenbacher described a "pencil and paper"-simple attack against RSA signature validation as implemented in common cryptographic toolkits. Both
OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS web ...
and the NSS security engine in
Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements curr ...
were later found to be vulnerable to the attack, which would allow an attacker to forge the SSL certificates that protect sensitive websites.


References

{{DEFAULTSORT:Bleichenbacher, Daniel Modern cryptographers 1964 births Living people Google employees