_________________________________________________________________________
_____________________
RSA: Attacking the cryptosystem [V. 1.3]
Written by The Death, February 8th 2001
(I can be found on the BoxNetwork's IRC server under
ThyDeath)
_________________________________________________________________________
_____________________
Table of Content
1.0..............................................................Introduc
tion
1.1..................................Basic Math & Functions Used In This
Part
1.2................................................Basic Statements Used
Here
1.3............................................................Trial
Division
1.4..................................The Idea Behind The Described
Algorithms
1.5........................................................Fermat's
Factoring
1.6.............................................................Pollard's
P-1
1.7....................................................Initial Segment
Attack
2.0............................................................Random
Attacks
2.1...................................................Basic Randomness
Attack
2.2.............................................................Pollard's
RHO
3.0.......................................................Real-Life
Scenarios
3.1..............................................................Known
phi(N)
3.2............................................................Common
Modulus
_________________________________________________________________________
_____________________
>>> 1.0 Introduction >> 1.1 Basic Math & Functions Used In This Part >> 1.2 Basic Statements Used Here >> 1.3 Trial Division >> 1.4 The Idea Behind The Described Algorithms >> 1.5 Fermat's Factoring >> 1.6 Pollard's P-1 >> 1.7 Initial Segment Attack 1 ?
* Yes - You found a factor! P = GCD(B,M), Q = M/P
* No - If A >> 2.0 Random Attacks >> 2.1 Basic Randomness Attack >> 2.2 Pollard's RHO >> 3.0 Real-Life Scenarios >> 3.1 Known phi(N) >> 3.2 Common Modulus <<<
The next scenario will relay on this basic one:
Suppose there is a modulus S which is shared among several people. Each
has it's own private/public
exponents set, but all based on the same modulus. None of the men know
the factors. (This scenerio
may occur if a company chooses to issue all of the employees with keys,
and for optimization uses a
common modulus).
If one sends a message to two people sharing the same modulus, and an
evesdropper is listening and
reading the communication, the evesdropper can get the original message
out of the two.
* M - The original message
* J, K - The two ciphertexts
* S - The common modulus
* A, B - The public exponents of the two recipents
GCD(J,K) = 1, the evesdropper uses the extended euclidian algorithm to
find two numbers such that
a*x + b*y = 1. Using x and y, the evesdropper computes:
M = (J^x)*(K^y) Mod S
And there you go...
_________________________________________________________________________
_____________________
That is all for now. I will add this part other algorithms as I find &
learn them.
Expect preceeding parts to come!
The Death
_________________________________________________________________________
_____________________