04 publickeycrypto

# For e can be fixed to some constant value without

This preview shows page 1. Sign up to view the full content.

This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: e For a 100-digit number, one 1 in 230 chance. For e can be fixed to some constant value without decreasing security ; can e is commonly set to 3 or 65537 = 216+1 in practice to speed up is 65537 quickly encryption: m e mod n ; one can compute m 65537 quickly as well mod one Once e is fixed, d can be found using the Euclid’s Algorithm Once is fixed can Recent News: (Feb 15, 2012): Implementation Flaws in RSA random Recent key generations http://www.nytimes.com/2012/02/15/technology/researchershttp://www.nytimes.com/2012/02/15/technology/researchers find-flaw-in-an-online-encryption-method.html?_r=1&hp find Some arcane Attacks on RSA Guessing plaintext attack: if the attackers know the candidate set of plaintexts to Guessing be sent (with exact wordings), the attacker can encrypt each of the possible choice using the recipient’s public key and compare them to the actual ciphertext sent ; Chosen ciphertext attack: don’t sign arbitrary messages sent by others because Chosen signing is equivalent to decrypt the message with your private key. Assume you are use the a single pair of public and private key, (Kpub,Kpriv) Assume for both encryption/decryption and signing/verification. Eve, the attacker, records an encrypted letter sent to you by someone else, and ask you to sign this recorded message (and of course, return the signed 3 c result to her). If you follow Eve’s request and sign on what Eve gives you, you are actually decrypting your own secret letter for Eve. => It’s better to use different public/private key-pairs for different purposes, e.g. one key-pair (Kpub1, Kpriv1) for letting people to send secret to you by (Kpub1, for encrypting with Kpub1 and you can decrypt using Kpriv1; use a different pair Kpub1 and Kpriv1 (Kpub2,Kpriv2) for digital-signature/verification, i.e. you use Kpriv2 to sign (Kpub2,Kpriv2) for Kpriv2 to outgoing messages and your intended receiptant can use Kpub2 to verify Kpub2 to your signature. Cube-root attack for e = 3: if m3 < n because the “mod” operation becomes null , Cube 3: because 3 mod n = m3 = C and the attacker can obtain m by performing m = 3 i.e. m mod and C With e = 3, sending exactly the same secret message to 3 or more people (using With 3, 3 or more public keys) would reveal the secret message ; See http://members.tripod.com/irish_ronan/rsa/attacks.html See Public Key Cryptography Standard (PKCS) A list of Standards (PKCS#1 to PKCS#15) on how to use RSA in list practice, regarding message formatting, information encoding scheme, choice of parameters etc Protected against the following “improper use” or attacks on RSA Protected including: Plaintext guessing Plaintext Chosen ciphertext attack Chosen m3 < n Sending the same message to multiple people ; Sending This is done by pre-pending some fixed number of constant and This random bytes to the message to be encrypted/ decrypted Performance of RSA For hardware implementation, RSA is about 1000 times slower For than DES ; for software implementation, RSA is about 100 times slower ; Time to do RSA decryption on a 1 MIPS VAX was around 30 Time seconds (VERY SLOW…) when it was invented in late 70’s The inventors needed...
View Full Document

{[ snackBarMessage ]}

Ask a homework question - tutors are online