Exercise 6, Task 9

Question

Hi, quick question regarding the Bleichenbacher attack.

In the lecture it was explained that the attack can be used to recover the plaintext of a specific RSA ciphertext by abusing a padding oracle.

However, in the exercise the official solution states that an attacker could also perform “any private key operation with the server's private key” etc.

This seems to contradict the lecture explanation. My understanding was that Bleichenbacher only allows decryption of individual ciphertexts, not general access to private key operations.

Could you clarify which interpretation is correct?

Official solution text:

The correct answers are: Any public key operation with the server's public key., Any private key operation with the server's private key., Recover the session key of recorded connections with RSA key exchange., Sign messages with the server's RSA key., Encrypt messages with the server's RSA key.

Answer 1

Hello, fellow student here.
As per my understanding from the lecture, they were also able to generate signatures, as signing is basically encryption with the private key, so you won't really have access to the keys themselves, but you can do anything you like with them with the server acting as a proxy.

Comments

Hi,

This is correct.

However, please keep in mind that the decryption uses the private key.
The encryption uses the public key.

Cheers,
Sebastian