Raw RSA
Alexander Klimov
alserkli at inbox.ru
Thu Sep 7 11:27:48 EDT 2006
On Thu, 7 Sep 2006, Leichter, Jerry wrote:
> | If an attacker is given access to a raw RSA decryption oracle (the
> | oracle calculates c^d mod n for any c) is it possible to extract the
> | key (d)?
> If I hand you my public key, I have in effect handed you an oracle that
> will compute c^d mod n for any c. What you are asking is whether you
> can then extract my private key e - which is exactly what the security
> claims for RSA say you cannot do. (Note that I chose to call my
> public key d and by private key e - but since the two keys are
> completely equivalent in RSA, that's just naming.)
I want to extract the exponent that is used by the oracle: this is the
difference between the chosen-plaintext attack (it does not require an
oracle, since it is a public key scheme) and the chosen-ciphertext
attack (CCA1).
--
Regards,
ASK
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list