[41154] in cryptography@c2.net mail archive


Raw RSA

daemon@ATHENA.MIT.EDU (Alexander Klimov)
Thu Sep 7 07:55:46 2006

X-Original-To: cryptography@metzdowd.com
Date: Wed, 6 Sep 2006 13:02:56 +0300 (IDT)
From: Alexander Klimov <alserkli@inbox.ru>
To: cryptography@metzdowd.com

Hi.

If an attacker is given access to a raw RSA decryption oracle (the
oracle calculates c^d mod n for any c) is it possible to extract the
key (d)?

It is known that, given such an oracle, the attacker can ask for
"decryption" of all primes less than B, and then he will be able to
sign PKCS-1 encoded messages if the representative number is B-smooth,
but is there any way to actually recover d itself?

-- 
Regards,
ASK
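
The known part of the question, the multiplicative property that lets oracle answers for small primes be combined into a signature on any B-smooth number, as an added example that is not part of the original post. The toy modulus, the bound, and the names `oracle`, `collect` and `sign_from_table` are assumptions made for illustration; PKCS-1 encoding is not modeled, and `m` stands in for the representative number.

```python
# Toy RSA key, constructed for illustration only (both primes are Mersenne
# primes; the modulus is far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

def oracle(c):
    """Raw RSA private-key operation: c^d mod n, with no padding check."""
    return pow(c, D, N)

def primes_below(bound):
    """All primes p < bound, by trial division (fine for small bounds)."""
    return [p for p in range(2, bound)
            if all(p % q for q in range(2, int(p ** 0.5) + 1))]

def collect(bound):
    """Query the oracle once per prime below `bound`: {p: p^d mod n}."""
    return {p: oracle(p) for p in primes_below(bound)}

def factor_smooth(m, primes):
    """Return {p: exponent} if m factors completely over `primes`, else None."""
    exps = {}
    for p in primes:
        while m % p == 0:
            m //= p
            exps[p] = exps.get(p, 0) + 1
    return exps if m == 1 else None

def sign_from_table(m, table):
    """Build m^d mod n from the stored p^d values, without asking the oracle
    about m itself. Works only when m is smooth over the table's primes,
    because (a*b)^d = a^d * b^d (mod n)."""
    exps = factor_smooth(m, sorted(table))
    if exps is None:
        return None                   # m has a prime factor outside the table
    s = 1
    for p, e in exps.items():
        s = s * pow(table[p], e, N) % N
    return s

if __name__ == "__main__":
    table = collect(50)               # B = 50: 15 oracle queries
    m = 2**5 * 3**2 * 7 * 43          # constructed 50-smooth representative
    s = sign_from_table(m, table)
    print("verifies under public key:", pow(s, E, N) == m)
    print("non-smooth input:", sign_from_table(2 * 53, table))
```

Nothing in this block recovers `d`; it only reproduces the smooth-number signing that the message describes as already known.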
