[145785] in cryptography@c2.net mail archive
RSA question
daemon@ATHENA.MIT.EDU (Justin Ferguson)
Tue Aug 31 10:58:06 2010
Date: Tue, 31 Aug 2010 00:04:44 -0700
From: Justin Ferguson <jnferguson@gmail.com>
To: cryptography@metzdowd.com
Hi,
I'm not really much of a crypto guy so when the details come up it's
often kind of hard for me to entirely wrap my head around. That said,
I'm currently dealing with a situation where the public key,
plain-text and cipher-text are all known to an attacker; furthermore,
the random oracles/et cetera employed during the OEAP scheme are also
known to the attacker. Furthermore, the attacker can modify those
values (id est random oracle values of zero, or whatever the attacker
wants) and repeat the plain-text to cipher-text process as they see
fit. Furthermore, the key length exceeds the length of the message.
Basically, only the private key is not under the attackers control.
From that, what I am getting is that this is virtually the same as RSA
without the padding scheme and should be vulnerable due to it being a
deterministic algorithm; however my question is how much does it
really reduce the complexity? Is an attack against this even feasible
in any practical terms?
Thanks.
Justin
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
