This preview shows page 1. Sign up to view the full content.
Unformatted text preview: e
For a 100-digit number, one 1 in 230 chance.
e can be fixed to some constant value without decreasing security ;
e is commonly set to 3 or 65537 = 216+1 in practice to speed up
encryption: m e mod n ; one can compute m 65537 quickly as well
Once e is fixed, d can be found using the Euclid’s Algorithm
Once is fixed can
Recent News: (Feb 15, 2012): Implementation Flaws in RSA random
find Some arcane Attacks on RSA Guessing plaintext attack: if the attackers know the candidate set of plaintexts to
be sent (with exact wordings), the attacker can encrypt each of the possible
choice using the recipient’s public key and compare them to the actual ciphertext
Chosen ciphertext attack: don’t sign arbitrary messages sent by others because
signing is equivalent to decrypt the message with your private key. Assume you are use the a single pair of public and private key, (Kpub,Kpriv)
for both encryption/decryption and signing/verification.
Eve, the attacker, records an encrypted letter sent to you by someone else,
and ask you to sign this recorded message (and of course, return the signed
result to her). If you follow Eve’s request and sign on what Eve gives you, you
are actually decrypting your own secret letter for Eve.
=> It’s better to use different public/private key-pairs for different purposes, e.g.
one key-pair (Kpub1, Kpriv1) for letting people to send secret to you by
encrypting with Kpub1 and you can decrypt using Kpriv1; use a different pair
(Kpub2,Kpriv2) for digital-signature/verification, i.e. you use Kpriv2 to sign
outgoing messages and your intended receiptant can use Kpub2 to verify
Cube-root attack for e = 3: if m3 < n because the “mod” operation becomes null ,
3 mod n = m3 = C and the attacker can obtain m by performing m = 3
i.e. m mod
With e = 3, sending exactly the same secret message to 3 or more people (using
3 or more public keys) would reveal the secret message ; See http://members.tripod.com/irish_ronan/rsa/attacks.html
See Public Key Cryptography Standard (PKCS) A list of Standards (PKCS#1 to PKCS#15) on how to use RSA in
practice, regarding message formatting, information encoding
scheme, choice of parameters etc
Protected against the following “improper use” or attacks on RSA
including: Plaintext guessing
Plaintext Chosen ciphertext attack
Chosen m3 < n Sending the same message to multiple people ;
This is done by pre-pending some fixed number of constant and
random bytes to the message to be encrypted/ decrypted Performance of RSA For hardware implementation, RSA is about 1000 times slower
than DES ; for software implementation, RSA is about 100 times
Time to do RSA decryption on a 1 MIPS VAX was around 30
seconds (VERY SLOW…) when it was invented in late 70’s
The inventors needed...
View Full Document
- Spring '13