This section deals with attacks on RSA. The author outlines some attacks.
- Knowing a particular fraction of the digits of a one of the primes
or
of will allow you to factor
completely.
- Low exponent attacks--when
, the decryption exponent, is suffuciently small (
) allows Eve to use the continued fraction approximations of
and calculate the factors of
- Short plaintext: split the bits up, and do a meet-in-the-middle-esque attack.
- Timing attacks - using knowledge of the hardware/software implementation of RSA (especially the fast modular exponentiation part), and precise timings of instances of Bob decrypting messages, Eve may find Bob's decryption exponential power.
My response:
- The OAEP was the hardest part (in 6.2.2). I just glossed over it because it seems overly specific and an implementation detail I don't really care about.
- I actually quite enjoyed the proof in 6.2.1 using our result about the continued fractions from 3.12. Is there a reason they use 1/3 instead of 1/2?
No comments:
Post a Comment