PrepAway - Latest Free Exam Questions & Answers

Observe the following options carefully, which two attacks focus on RSA? (Choose all that apply.)

A. DDoS attack

B. BPA attack

C. Adaptive chosen ciphertext attack

D. Man-in-the-middle attack

Explanation:
The detailed answer:
There are essentially 3 kinds of attacks against RSA:
1- BPA attack:
Branch prediction analysis (BPA) attack: A number of processors use a
branch predictor to determine whether a conditional branch in a program’s instruction
flow is likely to be taken. Generally speaking, these types of processors also implement
simultaneous multithreading (SMT). A branch prediction analysis attack uses a spy
process to statistically discover the private key when it is processed by these processors.
2- Adaptive chosen ciphertext attack:
The first practical adaptive chosen ciphertext attack
against an RSA-encrypted message was described in 1995. This attack targeted
flaws in the PKCS #1 scheme, which was used in concert with RSA. This attack focused
on RSA implementations of the Secure Socket Layer protocol and was used to recover
session keys. Because of the success of this attack, it is now recommended that RSA be
used with other, more secure padding schemes, such as Optimal Asymmetric Encryption
Padding. Additionally, RSA Laboratories has released updated versions of PKCS #1 that
are not vulnerable to this form of attack.
3- Timing attacks:
In 1995 an attack against RSA was described in which an attacker who knew a user’s
hardware in enough detail, and could measure the decryption times for several known
ciphertexts, could deduce the decryption key quickly. The same attack could also
be applied against the RSA signature scheme.
One way to defend against this form of attack is to make sure that a consistent amount of
time is required for the decryption operation of each ciphertext. Although this would
work, it may not be worth the performance degradation that would result. Most RSA
implementations use an alternative approach known as blinding.
In this approach, the multiplicative property of RSA is used. The result of applying RSA
blinding is that the decryption time is no longer correlated to the value of the input
ciphertext, so the timing attack fails.
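
The blinding step described above, as an added example that is not part of the original explanation. The toy key, the function names and the sample message are constructed for illustration, and the encryption is textbook RSA without padding so that only the blinding arithmetic is on show.

```python
import secrets
from math import gcd

# Constructed toy key (two Mersenne primes); real keys use 2048+ bit moduli.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def decrypt_plain(c):
    """Unblinded decryption: the private-key exponentiation runs on c itself."""
    return pow(c, D, N)


def decrypt_blinded(c, r=None):
    """Return (plaintext, blinded value that was actually exponentiated with D).

    Leave r as None so a fresh random factor is drawn on every call;
    passing r is only for reproducing a run.
    """
    while r is None or gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2      # r in [2, N-1], invertible mod N
    blinded = (c * pow(r, E, N)) % N          # c' = c * r^e mod n
    m_times_r = pow(blinded, D, N)            # (c')^d = m * r mod n
    m = (m_times_r * pow(r, -1, N)) % N       # multiply by r^-1 to recover m
    return m, blinded


def demo():
    """Decrypt one constructed ciphertext twice with independent blinding."""
    m = 123456789                             # constructed sample message
    c = pow(m, E, N)                          # textbook RSA, no padding
    m1, b1 = decrypt_blinded(c)
    m2, b2 = decrypt_blinded(c)
    return {"m": m, "c": c, "plain": decrypt_plain(c),
            "m1": m1, "m2": m2, "b1": b1, "b2": b2}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Both blinded decryptions return the same plaintext, but the value fed to the private-key exponentiation differs on each call and is unknown to whoever supplied the ciphertext, which is why the measured time no longer tracks the input.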
