Cryptography Reference
In-Depth Information
the maximum size of Maple's lists is already smaller than the limit established in the
standard.
Example 8.10
Let us now give an example of encryption/decryption with RSAES-
OAEP, using the public key
pk
and the private key
sk
generated in Example 8.2.
We generate this RSA key again:
> rsakey := RSAKeyGen(1024, 618020429552270915383892324472348012175,
410275671464698780248543572127557803186):
pk := rsakey[1]:
sk := rsakey[2]:
We are going to encrypt the following message:
> me := "The magic words are squeamish ossifrage":
For encryption, a randomly chosen 32-byte seed is needed (since we are using as
hash function SHA-256, with a 32-byte output). We will use the following seed:
> s := "24deaed05ba18bc679443f35dc58dcbd63b43356b0a3d0431be35b0b82c8f1c9"
The ciphertext
C
is then obtained as follows:
> C := RSAESOAEPEncrypt(pk, me, s, messagetype = 'text');
"82af56318cab65002cbc7023ee6bccbb7ae071d8bda9c06e35b8f109f4d39e4e7079a502a7eb98bfd\
499791a9cf0dd5772754547cf5932e9cff8eef23b81c4f58f1d2928e13dff04498ab1fa19722cac7\
1c41970960b679c39b44c4d3384196cf5bfed8441a65e2b34d0ac3c831c712e0c02915d5b16e1077\
7eaa0e67997638dff02c1b4b1747777e344fc7a23cbe3d4b830d6e52a067a3f4e79ef04ba066d09f\
126b99b6c1fed19bb3381ea08f9dfd51d1edc768eea34f1dc22c32a0a4d7359a6beb7919bdeca70c\
03f6b8e43525a2dff6752e70c39a5836d72f2664fd5143306e50e79af68c53721f27d9d4a59fb226\
48583eeb0daaf2ea2fb480d9ebbb944"
The message can now be recovered as follows:
> RSAESOAEPDecrypt(sk, C, messagetype = 'text');
"The magic words are squeamish ossifrage"
Exercise 8.19
Suppose that a small message space such as,
for example,
{
is used and that messages are encrypted using the variant of
RSAESOAEPEncrypt
in which the seed is obtained by applying a PRG to a 32-bit
random seed. Show that there is a CPA attack that allows the full recovery of the
plaintext and hence renders this scheme completely insecure. Explain the reasons
why this attack no longer works against
RSAESOAEPEncrypt
(with a random
seed).
"Yes", "No"
}
Exercise 8.20
(i) Write aMaple version of the RSAES-OAEP encryption and decryption functions
that is able to encrypt/decrypt messages of arbitrary length (partitioning the
message into 'blocks' of adequate size like in the implementation of plain RSA).
(ii) Write a Maple version of RSAES-OAEP encryption/decryption that is able to
encrypt/decrypt messages given as files.
