This preview shows page 1. Sign up to view the full content.
Unformatted text preview: e
For a 100digit number, one 1 in 230 chance.
For
e can be fixed to some constant value without decreasing security ;
can
e is commonly set to 3 or 65537 = 216+1 in practice to speed up
is
65537 quickly
encryption: m e mod n ; one can compute m 65537 quickly as well
mod
one
Once e is fixed, d can be found using the Euclid’s Algorithm
Once is fixed can
Recent News: (Feb 15, 2012): Implementation Flaws in RSA random
Recent
key generations
http://www.nytimes.com/2012/02/15/technology/researchershttp://www.nytimes.com/2012/02/15/technology/researchers
findflawinanonlineencryptionmethod.html?_r=1&hp
find Some arcane Attacks on RSA Guessing plaintext attack: if the attackers know the candidate set of plaintexts to
Guessing
be sent (with exact wordings), the attacker can encrypt each of the possible
choice using the recipient’s public key and compare them to the actual ciphertext
sent ;
Chosen ciphertext attack: don’t sign arbitrary messages sent by others because
Chosen
signing is equivalent to decrypt the message with your private key. Assume you are use the a single pair of public and private key, (Kpub,Kpriv)
Assume
for both encryption/decryption and signing/verification.
Eve, the attacker, records an encrypted letter sent to you by someone else,
and ask you to sign this recorded message (and of course, return the signed
3
c
result to her). If you follow Eve’s request and sign on what Eve gives you, you
are actually decrypting your own secret letter for Eve.
=> It’s better to use different public/private keypairs for different purposes, e.g.
one keypair (Kpub1, Kpriv1) for letting people to send secret to you by
(Kpub1,
for
encrypting with Kpub1 and you can decrypt using Kpriv1; use a different pair
Kpub1 and
Kpriv1
(Kpub2,Kpriv2) for digitalsignature/verification, i.e. you use Kpriv2 to sign
(Kpub2,Kpriv2) for
Kpriv2 to
outgoing messages and your intended receiptant can use Kpub2 to verify
Kpub2 to
your signature.
Cuberoot attack for e = 3: if m3 < n because the “mod” operation becomes null ,
Cube
3:
because
3 mod n = m3 = C and the attacker can obtain m by performing m = 3
i.e. m mod
and
C
With e = 3, sending exactly the same secret message to 3 or more people (using
With
3,
3 or more public keys) would reveal the secret message ; See http://members.tripod.com/irish_ronan/rsa/attacks.html
See Public Key Cryptography Standard (PKCS) A list of Standards (PKCS#1 to PKCS#15) on how to use RSA in
list
practice, regarding message formatting, information encoding
scheme, choice of parameters etc
Protected against the following “improper use” or attacks on RSA
Protected
including: Plaintext guessing
Plaintext Chosen ciphertext attack
Chosen m3 < n Sending the same message to multiple people ;
Sending
This is done by prepending some fixed number of constant and
This
random bytes to the message to be encrypted/ decrypted Performance of RSA For hardware implementation, RSA is about 1000 times slower
For
than DES ; for software implementation, RSA is about 100 times
slower ;
Time to do RSA decryption on a 1 MIPS VAX was around 30
Time
seconds (VERY SLOW…) when it was invented in late 70’s
The inventors needed...
View
Full
Document
 Spring '13
 ZHANGKEHUAN

Click to edit the document details