Attacks on Digital Signature Algorithm: RSA - PowerPoint PPT Presentation

About This Presentation
Title:

Attacks on Digital Signature Algorithm: RSA

Description:

The need for digital signature: online banking, routable forms... Eve wants to read plaintext m from c. ... decrypt the message, so Eve can not figure out ... – PowerPoint PPT presentation

Number of Views:611
Avg rating:3.0/5.0
Slides: 13
Provided by: johnn97
Learn more at: http://www.cs.sjsu.edu
Category:

less

Transcript and Presenter's Notes

Title: Attacks on Digital Signature Algorithm: RSA


1
Attacks on Digital Signature Algorithm RSA
  • John Nguyen

2
RSA as a Digital Signature Algorithm
  • The need for digital signature online banking,
    routable forms
  • Requirement something uniquely identify oneself,
    and people can verify that unique identification.
  • RSA is a public key cryptography which offers
    that need.
  • Private key to sign the message.
  • Public key to verify the signature.

3
RSA
  • A public key algorithm
  • Easy to understand and implement
  • Popular, used by numerous companies such as
    Motorola and Adobe in its Acrobat product.
  • De facto standard in much of the world.

4
RSA Algorithm
  • Choose 2 large prime numbers p and q
  • Then compute n pq
  • Choose e such that e and (p-1)(q-1) are
    relatively prime.
  • key d can be computed by using extended Euclidean
    algorithm
  • ed 1 mod (p-1)(q-1)

5
RSA Encrytion
  • Public key n and e
  • Private key d
  • Encrypting
  • c me mod n
  • Decrypting
  • m cd mod n
  • Digital signature
  • c md mod n (signing)
  • m ce mod n (verification)

6
Proof
  • cd (me)d (mod n)
  • med
  • mk(p-1)(q-1) 1
  • mmk(p-1)(q-1)
  • m 1 m
  • mk(p-1)(q-1) mk?(n) m 1 (Eulers
    generalization of Fermats little theorem)

7
Security of RSA
  • Factoring n is the most obvious attack.
  • Difficult
  • Factoring techonology best 129-decimal-digital
    modulus
  • N must be larger than that to be secure
  • Guessing value of (p-1)(q-1), but the difficulty
    is the same as factoring n
  • Common attacks against RSAs implementation
    attack against the protocol, not the basic
    algorithm.

8
Chosen Cipher Attack against RSA
  • Eve attacker, Alice user
  • Eve got c encrypted by Alices public key. Eve
    wants to read plaintext m from c.
  • Mathematically, Eve needs d m cd, but Eve does
    not know d.
  • Eve decided to figure out m without first knowing
    exactly what d is.

9
Chosen Ciphertext attack
  • Eve chooses a random number r (r lt n), then
    compute
  • x re mod n
  • y xc mod n
  • t r-1 mod n
  • Eve gets Alice to sign y with her private key,
    therefore decrypting y.
  • Alice sends Eve u yd mod n
  • Eve computes, and get m
  • tu mod n r-1yd mod n r-1xdcd mod n cd mod
    n m

10
Prevent against this chosen ciphertext attack
  • Signing and encrypting ( decrypting) are 2
    different things.
  • They can be done separately.
  • 1 set of keys for signing and verification.
  • 1 set of keys for decrypting and encrypting.
  • Sign on a one-way hash of message, not the
    message.
  • Signing will not decrypt the message, so Eve can
    not figure out m

11
Attack on Encrypting and Signing with RSA
  • Alice sends a message m to Bob
  • She encrypts m with Bob public key, then signs
    with her private key
  • (meB mod nB)dA mod nA
  • Bob can claim that Alice sent him m, not m.
  • He can find x, such that
  • mx m mod n
  • If he can publish xeB replace old eB

12
To prevent this attack
  • Assign each user fixed keys
  • Usually be done by third party VeriSign
  • Moreover, common good practice sign first,
    encrypt later.
Write a Comment
User Comments (0)
About PowerShow.com