News Report |
---|
Hubert Kario, a Czech security researcher working at Red Hat, presented the Marvin attack technique at the European Symposium on Computer Security. The technique makes it possible to determine the original data by measuring delays in decryption operations based on the RSA algorithm. With this method, it becomes possible to decrypt traffic or create digital signatures without knowledge of the private RSA key. To test the applicability of the attack, a special script for testing TLS servers and tools for identifying problems in libraries have been published. The attack is a variation of the method proposed by Daniel Bleichenbacher in 1998, known as the "Bleichenbacher attack." The method involves separating correct and incorrect padding blocks by observing how the server reacts to and processes them. By doing so, the attacker can recreate the correct ciphertext. The attack has continued to evolve in recent years. It is important to note that the attack does not directly retrieve the private key. Rather, it allows ciphertext to be decrypted or fake signed messages to be created. A successful attack requires a large volume of trial messages to be sent for decryption. The Marvin method improves on the technique of separating correct and incorrect padding data and filters out false positives, with more accurate determination of delays and the use of additional side channels during measurement. |
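
The report describes telling two classes of padding apart by timing and filtering out false positives. The following is an added example, not code from the published tooling or from the researcher: a paired sign test that a defender can run over timing samples collected from their own RSA implementation to decide whether the two classes are distinguishable. The names `simulate`, `sign_test_p`, `leaks` and `ALPHA`, the threshold value and the simulated timing figures are all assumptions made for illustration.

```python
import math
import random

ALPHA = 1e-5  # assumed significance threshold; pick one to suit your sample count

def simulate(n, extra_ns, seed):
    """Constructed data: n interleaved timing pairs (ns) for two input classes.

    Class A stands for well-formed padding, class B for malformed padding;
    extra_ns is the additional time the implementation spends on class B.
    """
    rng = random.Random(seed)
    def sample(offset):
        t = rng.gauss(50_000 + offset, 2_000)      # base cost plus jitter
        if rng.random() < 0.01:                    # rare scheduler spike
            t += 200_000
        return t
    pairs = [(sample(0), sample(extra_ns)) for _ in range(n)]
    return [a for a, _ in pairs], [b for _, b in pairs]

def sign_test_p(class_a, class_b):
    """Two-sided exact sign test on paired samples; returns the p-value.

    Only the sign of each difference is used, so large outliers cannot
    dominate the result the way they would with a comparison of means.
    """
    diffs = [a - b for a, b in zip(class_a, class_b) if a != b]
    n = len(diffs)
    if n == 0:
        return 1.0
    k = sum(d > 0 for d in diffs)
    tail = min(k, n - k)
    # P(X <= tail) for X ~ Binomial(n, 1/2), doubled for the two-sided test
    p = 2 * sum(math.comb(n, i) for i in range(tail + 1)) / 2 ** n
    return min(1.0, p)

def leaks(class_a, class_b, alpha=ALPHA):
    """True when the two classes are distinguishable by timing."""
    return sign_test_p(class_a, class_b) < alpha

if __name__ == "__main__":
    for label, extra in (("data-dependent", 500), ("constant-time", 0)):
        a, b = simulate(5000, extra, seed=1)
        print(label, sign_test_p(a, b), leaks(a, b))
```

With real measurements, replace `simulate` with paired samples taken from the implementation under test; a result of `True` means processing time depends on padding validity and the implementation needs fixing.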
Marvin Targets RSA Decryption with Measurement Attack