Encryption in cipher/rsa.c
thomas.schorpp
t.schorpp at gmx.de
Mon Feb 2 08:41:00 CET 2004
Stefan Berthold wrote:
> Hej!
>
> I belive that question was answered before, but I can't find the right
> link using google.
>
> The "public" function (lines 220ff in cipher/rsa.c) for encryption on
> the public side implements
>
> c = m^e mod n
>
> Now I learned, there exists a known active attack, if you calculate c in
> the way described above: Given the attacker wants to decrypt c_3, i.e.
> he wants to get
>
> m_3 = (c_3^d mod n)
>
> He chooses an c_1 with an inverse (c_1^(-1)) in Z_n and generate an c_2
> with
>
> c_2 = c_3 * c_1^(-1)
>
> Now if the victim sends c_1^d and c_2^d (mod n) the attacker will get
>
> m_3 = c_1^d * c_2^d (mod n)
>
> because
>
> c_3^d = (c_1 * c_2)^d (mod n)
> = c_1^d * c_2^d (mod n)
>
> Where is my fault? -- A reference to an older explanation would fit.
>
> Hej så länge.
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>
>
hi,
ive seen this before, too.
maybe try the usenet crypto groups.
y
tom
More information about the Gnupg-devel
mailing list