1 / 12

Attacks on Digital Signature Algorithm: RSA

Attacks on Digital Signature Algorithm: RSA. John Nguyen. RSA as a Digital Signature Algorithm. The need for digital signature: online banking, routable forms… Requirement: something uniquely identify oneself, and people can verify that unique identification.

briana
Download Presentation

Attacks on Digital Signature Algorithm: RSA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Attacks on Digital Signature Algorithm: RSA John Nguyen

  2. RSA as a Digital Signature Algorithm • The need for digital signature: online banking, routable forms… • Requirement: something uniquely identify oneself, and people can verify that unique identification. • RSA is a public key cryptography which offers that need. • Private key to sign the message. • Public key to verify the signature.

  3. RSA • A public key algorithm • Easy to understand and implement • Popular, used by numerous companies such as Motorola and Adobe in its Acrobat product. • De facto standard in much of the world.

  4. RSA Algorithm • Choose 2 large prime numbers p and q • Then compute: n = pq • Choose e such that e and (p-1)(q-1) are relatively prime. • key d can be computed by using extended Euclidean algorithm: ed ≡ 1 mod (p-1)(q-1)

  5. RSA Encrytion • Public key: n and e • Private key: d • Encrypting: c = me mod n • Decrypting: m = cd mod n • Digital signature: • c = md mod n (signing) • m = ce mod n (verification)

  6. Proof • cd = (me)d (mod n) = med = mk(p-1)(q-1) + 1 = mmk(p-1)(q-1) = m *1 = m • mk(p-1)(q-1) = mk(n) = m* 1 (Euler’s generalization of Fermat’s little theorem)

  7. Security of RSA • Factoring n is the most obvious attack. • Difficult • Factoring techonology: best 129-decimal-digital modulus • N must be larger than that to be secure • Guessing value of (p-1)(q-1), but the difficulty is the same as factoring n • Common attacks against RSA’s implementation: attack against the protocol, not the basic algorithm.

  8. Chosen Cipher Attack against RSA • Eve: attacker, Alice: user • Eve got c encrypted by Alice’s public key. Eve wants to read plaintext m from c. • Mathematically, Eve needs d: m = cd, but Eve does not know d. • Eve decided to figure out m without first knowing exactly what d is.

  9. Chosen Ciphertext attack… • Eve chooses a random number r (r < n), then compute: x = re mod n y = xc mod n t = r-1 mod n • Eve gets Alice to sign y with her private key, therefore decrypting y. • Alice sends Eve: u = yd mod n • Eve computes, and get m: tu mod n = r-1yd mod n = r-1xdcd mod n = cd mod n = m

  10. Prevent against this chosen ciphertext attack • Signing and encrypting (& decrypting) are 2 different things. • They can be done separately. • 1 set of keys for signing and verification. • 1 set of keys for decrypting and encrypting. • Sign on a one-way hash of message, not the message. • Signing will not decrypt the message, so Eve can not figure out m

  11. Attack on Encrypting and Signing with RSA • Alice sends a message m to Bob • She encrypts m with Bob public key, then signs with her private key: (meB mod nB)dA mod nA • Bob can claim that Alice sent him m’, not m. • He can find x, such that: m’x = m mod n • If he can publish xeB replace old eB

  12. To prevent this attack… • Assign each user fixed keys • Usually be done by third party: VeriSign… • Moreover, common good practice: sign first, encrypt later.

More Related