Suppose you’re using a 2048-bit modulus N and exchanging a 256-bit key. This is an attack on “textbook” RSA because the weakness in this post could be avoiding by real-world precautions such as adding random padding to each message so that no two recipients are sent the exact same message.īy the way, a similar trick works even if you only have access to one encrypted message. It follows that we can simply take the cube root in the integers and not the cube root in modular arithmetic. What makes this possible is knowing m is a positive integer less than each of the Ns, and that x < N 1 N 2 N 3. There is a unique x < N 1 N 2 N 3 such thatĪnd m is simply the cube root of x. Since the moduli are relatively prime, we can solve the three equations for m³ using the Chinese Remainder Theorem. We can assume each modulus N i is relatively prime to the others, otherwise we can recover the private keys using the method described here. Someone with access to c 1, c 2, and c 3 can recover the message m as follows. Each recipient has a different modulus N i, and each will receive a different encrypted message Suppose the same message m is sent to three recipients and all three use exponent e = 3. Sometimes the exponent is exponent 3, which is subject to an attack we’ll describe below. As I noted in this post, RSA encryption is often carried out reusing exponents.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |