Cryptography Reference
In-Depth Information
048471316097956116875784447664313597829828076647064321398304080292861040
181121981874584035357384531261940870073590132259507075848608542622897132
965830205493142649925057238587095855015428120910267486856492069160267899
700588571140797942067121441946048.
Since the adversary knows that
P
3
must be less than
n
1
n
2
n
3, she simply needs to take
a normal cube root to retrieve the plaintext.
P
= (
P
3
)
1/3
= 32756283650823650923759023759082375092387509827590823759082735
908237590872309587320987509328579032875093287509324875098327509832750983
275908237509837095730928750932875092385872365897236589236593027509432759
034285732658972659823569823659823568926589236509578093672398568923659823
659823659823659823659825698256982356982653982365982698527320956892365892
37932865982365982365987263986598236589726895698236598236598723658972.
Note that nowhere during this attack does the adversary need to know any of the private
info of any of the recipients. Of course, this attack can be circumvented by salting mes-
sages. Another way of getting around this attack is NOT to use a small encryption exponent
with RSA.
Common Modulus Attack
It has also been suggested for RSA that all entities in a
system could use the same modulus
n
. Each user would choose their own distinct enci-
phering exponent
e
and its corresponding deciphering exponent
d
. However, a common
value for
n
is far worse than everyone using the same value for
e
, as it allows anyone know-
ing a single pair (
e
*
,
d
*
) of exponents to determine the private keys of everyone using the
same modulus. You should consider how this is done.
Java Algorithm
Following are two methods in the Ciphers class to do encryption and
decryption using RSA. Neither salt nor CBC is used. Of course, these methods use the
helper methods in the Ciphers class to block, unblock, pad and unpad.
public static byte[] RSAEncipher(byte[] msg,BigInteger e,BigInteger n) {
//Compute the plaintext block size
int blockSize=(n.bitLength()-1)/8;
byte[][] ba=block(pad(msg,blockSize),blockSize);
//Begin the enciphering
for (int i=0;i<ba.length;i++) ba[i]=getBytes(new
BigInteger(1,ba[i]).modPow(e,n));
//Return to a 1D array. The ciphertext block size is one byte greater than
plaintext block size.
return unBlock(ba,blockSize+1);
}
public static byte[] RSADecipher(byte[] msg,BigInteger d,BigInteger n) {
//Compute the ciphertext block size
Search WWH ::
Custom Search