Presentation is loading. Please wait.

Presentation is loading. Please wait.

RSA: More about attacks Need to take care with the implementation, e.g.: - Do not take p or q very small. - Difference of p and q should not be very small.

Published byJamari Mann Modified over 9 years ago

Similar presentations

Presentation on theme: "RSA: More about attacks Need to take care with the implementation, e.g.: - Do not take p or q very small. - Difference of p and q should not be very small."— Presentation transcript:

1 RSA: More about attacks Need to take care with the implementation, e.g.: - Do not take p or q very small. - Difference of p and q should not be very small. More subtle, e.g.: Thm: If 3d < n^{ ¼ } and q<p<2q, then d can be found in polynomial time. More info: Section 6.2

2 RSA: More about attacks Public-key cryptosystem: can it have perfect secrecy ? RSA is insecure against a chosen-ciphertext attack (we’ll do soon). Is RSA insecure against a known-plaintext attack ? Is RSA insecure against a chosen-plaintext attack ?

3 RSA: Protocol Failures Secure system can still be used in an insecure (careless) way. This is called a protocol failure. Examples: Exercises 16 and 17 (Chapter 6, page 194)

4 RSA: Insecurity against Chosen-Ciphertext Eve wants to decrypt y (a ciphertext). She can choose another ciphertext ŷ \neq y that she can use to decrypt y. Choose a random x_0 and compute y_0 = (x_0)^e mod n. Let ŷ = y_0y mod n. Eve gets the decryption of ŷ. How to find y ?

5 RSA: Timing Attacks In 1995, Paul Kocher (an undergraduate at Standford), discovered that it is possible to determine d (the decryption exponent) by carefully timing the computation times for a sequence of decryptions. Moral of the story: a new type of attack can break a system that is though to be secure… Good news for RSA: it is possible to thwart the timing attack.

6 Other Public-key Cryptosystems RSA is the “standard” but there are other public-key cryptosystems. E.g. one by Rabin and one by ElGamal. All three cryptosystems: - thought to be secure - can be used for digital signatures - slow Hence: used to encrypt a session key, then use a (secure) private key cryptosystem

7 Other Public-key Cryptosystems The Rabin cryptosystem: - based on the difficulty of finding square roots mod a composite number (problem equivalent to factoring) - provably secure (unlike RSA; assuming factoring is computationally infeasible, the Rabin cryptosystem is secure) - 4 possible plaintexts for each ciphertext [RSA: conjectured to be as secure as factoring.] The ElGamal cryptosystem: - based on the difficulty of computing discrete logarithms in a finite field - used in many cryptographic protocols

8 Public-key Cryptosystems Outline of a general public-key cryptosystem: - components: a set M of messages, a set K of keys, for each key k 2 K, an encryption function E k and a decryption function D k (usually functions from M to M) - requirements: - E k (D k (m)) = D k (E k (m)) for all m, k. - E k (m) and D k (m) are easy to compute for all m, k. - figuring out D k from E k is computationally infeasible for almost all k 2 K - given k 2 K, finding E k and D k is easy

Download ppt "RSA: More about attacks Need to take care with the implementation, e.g.: - Do not take p or q very small. - Difference of p and q should not be very small."

Similar presentations

Managed Availability works by implementing Probes, Monitors and Responders:  The Probe is the component that performs the simple test. It doesn’t care.

Managed Availability works by implementing Probes, Monitors and Responders:  The Probe is the component that performs the simple test. It doesn’t care.
Inspired to seek transformation Letters of Paul Negative Waiting time Impersonal Subtle Bring bad news Positive Care Encourage Nurture Prepare Give advice.

Inspired to seek transformation Letters of Paul Negative Waiting time Impersonal Subtle Bring bad news Positive Care Encourage Nurture Prepare Give advice.
Motivating example  You want to do a cruise on the Nile  Your electronic secretary has to book  A return flight to Egypt  And a cruise such that the.

Motivating example  You want to do a cruise on the Nile  Your electronic secretary has to book  A return flight to Egypt  And a cruise such that the.
Information Security of Embedded Systems 9.1.2010: Public Key Cryptosystems, Communication Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.

Information Security of Embedded Systems : Public Key Cryptosystems, Communication Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
FFT(Fast Fourier Transform). p2. FFT Coefficient representation: How to evaluate A(x 0 )?

FFT(Fast Fourier Transform). p2. FFT Coefficient representation: How to evaluate A(x 0 )?
Lattice Based Attacks on RSA. 2004/9/22Lattice Based Attacks on RSA2 Outline Lattices and Lattice reduction Lattice Based Attacks on RSA Hastad ’ s Attack.

Lattice Based Attacks on RSA. 2004/9/22Lattice Based Attacks on RSA2 Outline Lattices and Lattice reduction Lattice Based Attacks on RSA Hastad ’ s Attack.
Do you care about preserving the environment?. Do you want to make an impact on the RIT Campus?

Do you care about preserving the environment?. Do you want to make an impact on the RIT Campus?
Transforming out Timing Leaks (Agat’s approach) Terkel K. Tolstrup Informatics and Mathematical Modelling Technical University of.

Transforming out Timing Leaks (Agat’s approach) Terkel K. Tolstrup Informatics and Mathematical Modelling Technical University of.
2006 Fall MATH 100 Lecture 141 MATH 100Class 21 Line Integral independent of path.

2006 Fall MATH 100 Lecture 141 MATH 100Class 21 Line Integral independent of path.
1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人:陳昱升.
2 New HIV diagnoses and number of persons accessing HIV care in the United Kingdom: 2014.

2 New HIV diagnoses and number of persons accessing HIV care in the United Kingdom: 2014.
Torturing OpenSSL Todd Austin University of Michigan with Andrea Pellegrini, William Arthur and Valeria Bertacco (Based on Valeria’s BlackHat 2012 Presentation)

Torturing OpenSSL Todd Austin University of Michigan with Andrea Pellegrini, William Arthur and Valeria Bertacco (Based on Valeria’s BlackHat 2012 Presentation)
PUTTING FEET FIRST Problem For the patient. PUTTING FEET FIRST Problem For the patient For health care services.

PUTTING FEET FIRST Problem For the patient. PUTTING FEET FIRST Problem For the patient For health care services.
© The Critical Thinking Consortium Children’s Rights – Caring adults # 1.

© The Critical Thinking Consortium Children’s Rights – Caring adults # 1.
Number-Theoretic Algorithms

Number-Theoretic Algorithms
Key Leader Orientation 5- Key Leader Orientation 5-1.

Key Leader Orientation 5- Key Leader Orientation 5-1.
Overweight Employee Population 1. Obese Employee Population 2.

Overweight Employee Population 1. Obese Employee Population 2.
Asymmetric-Key Cryptography Also known as public-key cryptography, performs encryption and decryption with two different algorithms. Each node announces.

Asymmetric-Key Cryptography Also known as public-key cryptography, performs encryption and decryption with two different algorithms. Each node announces.
Economic Challenges Healthcare for the Aging Population TEAM D BRANDIE, FELISHA, MELYSSA, & KELLY HCS/440 APRIL 14, 2014 PRANAB ROUT.

Economic Challenges Healthcare for the Aging Population TEAM D BRANDIE, FELISHA, MELYSSA, & KELLY HCS/440 APRIL 14, 2014 PRANAB ROUT.
Logging Antivirus Examples Use recent examples from media of such attacks (RSA, Epsilon, Oak Ridge National Labs, HBGary). Articles in business magazines.

Logging Antivirus Examples Use recent examples from media of such attacks (RSA, Epsilon, Oak Ridge National Labs, HBGary). Articles in business magazines.

Similar presentations

Ads by Google