[18808] in cryptography@c2.net mail archive


AW: [smb@cs.columbia.edu: Skype security evaluation]

daemon@ATHENA.MIT.EDU (Kuehn, Ulrich)
Mon Oct 31 11:43:02 2005

X-Original-To: cryptography@metzdowd.com
From: "Kuehn, Ulrich" <Ulrich.Kuehn@telekom.de>
To: cyphrpunk@gmail.com, cypherpunks@jfet.org,
	cryptography@metzdowd.com
Date: Mon, 31 Oct 2005 16:14:26 +0100

> -----Original Message-----
> From: owner-cryptography@metzdowd.com
> [mailto:owner-cryptography@metzdowd.com] On behalf of cyphrpunk
> Sent: Friday, 28 October 2005 06:07
> To: cypherpunks@jfet.org; cryptography@metzdowd.com
> Subject: Re: [smb@cs.columbia.edu: Skype security evaluation]
>
> Wasn't there a rumor last year that Skype didn't do any
> encryption padding, it just did a straight exponentiation of
> the plaintext?
>
> Would that be safe, if as the report suggests, the data being
> encrypted is 128 random bits (and assuming the encryption
> exponent is considerably bigger than 3)? Seems like it's
> probably OK. A bit risky perhaps to ride bareback like that
> but I don't see anything inherently fatal.
>
There are results available on this issue: First, a paper by
Boneh, Joux, and Nguyen, "Why Textbook ElGamal and RSA Encryption
are Insecure", showing that you can essentially halve the number
of bits in the message, i.e. in this case the symmetric key
transmitted.

Second, it turns out that the tricky part is the implementation
of the decryption side, where the straightforward way -- ignoring
the padding with 0s ("They are zeroes, aren't they?") -- gives you a
system that might be attacked in a chosen plaintext scenario very
efficiently, obtaining the symmetric key. See my paper "Side-Channel
Attacks on Textbook RSA and ElGamal Encryption" at PKC2003 for
details.

Hope this answers your question.

Ulrich
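To make the first result concrete, here is an added example (not code from this post, from Skype, or from either paper) of the Boneh-Joux-Nguyen splitting attack on unpadded RSA. It uses constructed toy parameters: a roughly 40-bit modulus and a 20-bit message standing in for the 128-bit key, so the 2^(k/2) table stays small while the halving of the effective key size is visible.

```python
# Added example: Boneh-Joux-Nguyen meet-in-the-middle attack on textbook RSA.
# All parameters are constructed toy values, not anyone's real keys.

N = 1000003 * 999983    # ~40-bit modulus from two well-known primes (toy)
E = 65537               # public exponent, coprime to (p-1)(q-1) for this N
K = 20                  # message length in bits (stands in for a 128-bit key)


def textbook_rsa_encrypt(m: int, e: int = E, n: int = N) -> int:
    """Raw RSA with no padding: c = m^e mod n ("straight exponentiation")."""
    return pow(m, e, n)


def split_attack(c: int, k: int, e: int = E, n: int = N):
    """Recover a k-bit m from c = m^e mod n when m = m1 * m2 with both factors
    below 2^(k/2).  A noticeable fraction of random k-bit messages split this
    way, and the cost is about 2 * 2^(k/2) exponentiations plus a table of
    2^(k/2) entries instead of 2^k: the message's effective size is halved.
    Returns None when m has no such split (e.g. a prime above 2^(k/2))."""
    half = (k + 1) // 2
    bound = 1 << half
    # Table of m2^e mod n -> m2 for every candidate second factor.
    table = {pow(m2, e, n): m2 for m2 in range(1, bound)}
    for m1 in range(1, bound):
        # If m = m1 * m2 then c / m1^e == m2^e (mod n).
        inv_m1_e = pow(pow(m1, e, n), -1, n)
        m2 = table.get((c * inv_m1_e) % n)
        if m2 is not None:
            # x -> x^e is a bijection on Z_n and m1*m2 < 2^k < n, so this is m.
            return m1 * m2
    return None


def demo() -> tuple:
    """Recover a splittable 20-bit 'key' from its ciphertext alone, and show
    that a non-splittable message (a prime above 2^10) is not recovered."""
    m_split = 911 * 1013   # constructed message, both factors below 2^10
    m_prime = 65537        # constructed prime message, cannot be split
    recovered = split_attack(textbook_rsa_encrypt(m_split), K)
    not_recovered = split_attack(textbook_rsa_encrypt(m_prime), K)
    return recovered, not_recovered


if __name__ == "__main__":
    print(demo())   # (922843, None)
```

With a real 128-bit key the same table would hold 2^64 entries, which is why the result is read as halving the key's effective bits rather than as a practical break; proper padding (OAEP) removes the multiplicative structure the attack relies on.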


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
