Raw RSA

Leichter, Jerry leichter_jerrold at emc.com
Fri Sep 8 10:40:04 EDT 2006


| > | If an attacker is given access to a raw RSA decryption oracle (the
| > | oracle calculates c^d mod n for any c) is it possible to extract the
| > | key (d)?
| > If I hand you my public key, I have in effect handed you an oracle that
| > will compute c^d mod n for any c.  What you are asking is whether you
| > can then extract my private key e - which is exactly what the security
| > claims for RSA say you cannot do.  (Note that I chose to call my
| > public key d and by private key e - but since the two keys are
| > completely equivalent in RSA, that's just naming.)
| 
| I want to extract the exponent that is used by the oracle: this is the
| difference between the chosen-plaintext attack (it does not require an
| oracle, since it is a public key scheme) and the chosen-ciphertext
| attack (CCA1).
I don't follow.  For RSA, the only difference between encryption and
decryption, and public and private key, and hence between chosen
plaintext and chosen ciphertext, is the arbitrary naming of one of
a pair of mutually-inverse values as the "private" key and the other
as the "public" key.
							-- Jerry
 
| -- 
| Regards,
| ASK
| 
| ---------------------------------------------------------------------
| The Cryptography Mailing List
| Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
| 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list