A chosen ciphertext attack against protocols based on the RSA encryption standard (1998)

by D Bleichenbacher
Venue:PKCS #1. Advances in Cryptology - CRYPTO '98, Lecture Notes in Computer Science