SRI KRISHNA COLLEGE OF ENGINEERING AND TECHNOLOGY
Kuniamuthur, Coimbatore, Tamilnadu, India
An Autonomous Institution, Affiliated to Anna University,
Accredited by NAAC with “A” Grade & Accredited by NBA (CSE, ECE, IT, MECH, EEE, CIVIL & MCT)
COURSE MATERIAL
Course : 20EC603 – Fundamentals of Network Security
Module - 2: Public Key Cryptography and authentication requirements
Topics : Security of RSA
www.skcet.ac.in
RSA Security
Four possible approaches to attacking the RSA algorithm are:
• Brute force: This involves trying all possible private keys.
• Mathematical attacks: There are several approaches, all
equivalent in effort to factoring the product of two primes.
• Timing attacks: These depend on the running time of the
decryption algorithm.
• Chosen ciphertext attacks: This type of attack exploits
properties of the RSA algorithm.
• The defense against the brute-force approach is the same for
RSA as for other cryptosystems, namely, to use a large key
space. Thus, the larger the number of bits in d, the better.
However, because the calculations involved, both in key
generation and in encryption/decryption, are complex, the larger
the size of the key, the slower the system will run.
Mathematical and Timing Attacks
THE FACTORING PROBLEM
• Three approaches to attacking RSA mathematically.
1. Factor $n$ into its two prime factors. This enables calculation of $\phi(n) = (p - 1) \times (q - 1)$, which in turn enables determination of $d \equiv e^{-1} \pmod{\phi(n)}$.
2. Determine $\phi(n)$ directly, without first determining $p$ and $q$. Again, this enables determination of $d \equiv e^{-1} \pmod{\phi(n)}$.
3. Determine $d$ directly, without first determining $\phi(n)$.
• Most discussions of the cryptanalysis of RSA have
focused on the task of factoring $n$ into its two prime
factors. Determining $\phi(n)$ given $n$ is equivalent to
factoring $n$. With presently known algorithms,
determining $d$ given $e$ and $n$ appears to be at least as
time-consuming as the factoring problem.
Factoring Problem
• mathematical approach takes 3 forms:
– factor $N = p \cdot q$, hence find $\phi(N)$ and then $d$
– determine $\phi(N)$ directly and find $d$
– find $d$ directly
• currently believe all equivalent to factoring
– have seen slow improvements over the years
• as of Aug-99 best is 130 decimal digits (512) bit with GNFS
– biggest improvement comes from improved algorithm
• cf “Quadratic Sieve” to “Generalized Number Field Sieve”
– barring dramatic breakthrough 1024+ bit RSA secure
• ensure p, q of similar size and matching other constraints
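The equivalences stated above can be checked numerically, which is also why $\phi(n)$ and $d$ need the same protection as $p$ and $q$. The following Python is an added example, not part of the original slides; the toy key and the function names `private_exponent`, `factor_from_phi` and `factor_from_d` are assumptions made for illustration.

```python
from math import gcd, isqrt

# Constructed toy key (two Mersenne primes; far too small and structured for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
PHI = (P - 1) * (Q - 1)

def private_exponent(e, phi):
    """Forms 1 and 2: once phi(n) is known, d = e^-1 mod phi(n) is one modular inverse."""
    return pow(e, -1, phi)

def factor_from_phi(n, phi):
    """phi(n) = n - (p + q) + 1, so p and q are the roots of x^2 - (p + q)x + n."""
    s = n - phi + 1                      # p + q
    disc = s * s - 4 * n                 # (p - q)^2
    root = isqrt(disc)
    if root * root != disc:
        raise ValueError("phi is not consistent with n = p*q")
    return (s - root) // 2, (s + root) // 2

def factor_from_d(n, e, d):
    """Form 3: e*d - 1 = 2^t * r is a multiple of phi(n); a square root of 1
    mod n other than +1 or -1 shares exactly one prime factor with n."""
    k = e * d - 1
    t = (k & -k).bit_length() - 1        # number of trailing zero bits of k
    r = k >> t
    for g in range(2, 1000):             # each base succeeds with probability >= 1/2
        x = pow(g, r, n)
        for _ in range(t):
            y = x * x % n
            if y == 1 and x not in (1, n - 1):
                p = gcd(x - 1, n)
                return min(p, n // p), max(p, n // p)
            x = y
    raise ValueError("no factor found")
```
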
Timing Attacks
• developed in mid-1990’s
• exploit timing variations in operations
– infer bits of d based on time taken
• countermeasures
– use constant exponentiation time
– add random delays
– blind values used in calculations
• $C' = (Mr)^e$, $M' = (C')^d$, $M = M' r^{-1}$
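The countermeasures listed above, shown as an added Python example (not part of the original slides): a square-and-multiply routine whose work depends on the bits of the exponent, a Montgomery ladder with fixed work per bit, and blinded decryption following the slide's formula. The toy key and function names are assumptions; Python integers are not constant-time, so the operation counts illustrate the idea rather than measure real timing.

```python
import secrets
from math import gcd

# Constructed toy key (two Mersenne primes; far too small and structured for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def square_and_multiply(base, exp, mod):
    """Binary exponentiation; returns (result, number of modular multiplications).
    The extra multiply runs only for 1-bits, so the work depends on the exponent."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        ops += 1
        if bit == "1":
            result = result * base % mod
            ops += 1
    return result, ops

def ladder(base, exp, mod):
    """Montgomery ladder: one multiply and one square per bit, whatever the bit is."""
    r0, r1, ops = 1, base % mod, 0
    for bit in bin(exp)[2:]:
        if bit == "1":
            r0, r1 = r0 * r1 % mod, r1 * r1 % mod
        else:
            r0, r1 = r0 * r0 % mod, r0 * r1 % mod
        ops += 2
    return r0, ops

def blinded_decrypt(c, d=D, e=E, n=N):
    """Blinding: C' = (M r)^e, M' = (C')^d, M = M' r^-1, all mod n."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    c_blind = c * pow(r, e, n) % n        # equals (M r)^e because c = M^e
    m_blind, _ = ladder(c_blind, d, n)    # the private operation sees a random value
    return m_blind * pow(r, -1, n) % n, c_blind
```
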
Chosen Ciphertext Attacks
• RSA is vulnerable to a Chosen Ciphertext Attack (CCA)
• attacker chooses ciphertexts & gets decrypted plaintext back
• choose ciphertext to exploit properties of RSA to provide
info to help cryptanalysis
• can counter with random pad of plaintext
• or use Optimal Asymmetric Encryption Padding (OAEP)
Optimal Asymmetric Encryption Padding (OAEP)
Summary
• have considered:
– principles of public-key cryptography
– RSA algorithm, implementation, security
