Encryption in cipher/rsa.c
t.schorpp at gmx.de
Mon Feb 2 08:41:00 CET 2004
Stefan Berthold wrote:
> I belive that question was answered before, but I can't find the right
> link using google.
> The "public" function (lines 220ff in cipher/rsa.c) for encryption on
> the public side implements
> c = m^e mod n
> Now I learned, there exists a known active attack, if you calculate c in
> the way described above: Given the attacker wants to decrypt c_3, i.e.
> he wants to get
> m_3 = (c_3^d mod n)
> He chooses an c_1 with an inverse (c_1^(-1)) in Z_n and generate an c_2
> c_2 = c_3 * c_1^(-1)
> Now if the victim sends c_1^d and c_2^d (mod n) the attacker will get
> m_3 = c_1^d * c_2^d (mod n)
> c_3^d = (c_1 * c_2)^d (mod n)
> = c_1^d * c_2^d (mod n)
> Where is my fault? -- A reference to an older explanation would fit.
> Hej så länge.
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
ive seen this before, too.
maybe try the usenet crypto groups.
More information about the Gnupg-devel