We examine a natural but improper implementation of RSA signature verification deployed on the widely used Diebold Touch Screen and Optical Scan voting machines. In the implemented scheme, the verifier fails to examine a large number of the high-order bits of signature padding and the public exponent is three. We present an very mathematically simple attack that enables an adversary to forge signatures on arbitrary messages in a negligible amount of time.

翻译：我们研究了广泛使用的迪宝触摸屏和光学扫描投票机上部署的一种自然但不当的RSA签名验证实现。在该实现方案中，验证者未能检查签名填充中的大量高位，且公钥指数为三。我们提出了一种在数学上极为简单的攻击，使得攻击者能够在极短时间内伪造任意消息的签名。