Re: RSA Low Encryption Exponent Attack

Vin McLellan (vin@shore.net)
Thu, 21 May 1998 14:58:39 -0400

• Next message: Julian Assange: "[gnu.emacs.sources] Emacs Cryptographic Library and Tools"
• Previous message: James Black: "re: question on NS specific encryption"

        Bruce gives a cite in ACv2:

|> 1596. M.J. Wiener, "Cryptoanalysis of Short RSA Secret Exponents,"
|>IEEE Transactions on Information Theory, v. 36, n.3, May 1990.

        You can get the paper from the OPERA database at www.ieee.org.

        This isn't really an attack on RSA, but rather upon a peculiar
protocol: a way RSAPKC could be used (or misused;-) I asked Bob Silverman
of RSA Labs about this once, and he said: Yup, if someone sends a multitude
of related messages with the same key and a low exponent there is a viable
attack there. However, the attack is blocked simply by padding each message
with some random bytes or by hashing.

        Surete,
                _Vin

>Applied Crypto 2, section 19.3 mentions briefly a low encryption exponent
>attack against RSA.
>
>I'm looking for details to this attack. (I wondering if this attack allows
>one to break a CA which signs with keys where e==3, for example. )
>
>TIA. Cheers.
>--
>Ng Pheng Siong <ngps@post1.com>

-----
      Vin McLellan + The Privacy Guild + <vin@shore.net>
  53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
                         -- <@><@> --

• Next message: Julian Assange: "[gnu.emacs.sources] Emacs Cryptographic Library and Tools"
• Previous message: James Black: "re: question on NS specific encryption"