RSA is subject to a forward search attack. An easy way to prevent this attack is to pad the plaintext with random bits before encrypting. This problem shows that there is another RSA issue that is also prevented by padding the plaintext. Suppose that Alice’s RSA public key is (TV, e) and her private key is d. Bob encrypts the message M (without padding) using Alice’s public key to obtain the ciphertext C = Me mod TV. Bob sends C to Alice and, as usual, Trudy intercepts C.
a. Suppose that Alice will decrypt one message of Trudy’s choosing, provided that it is not C. Show that Trudy can easily determine M. Hint: Trudy chooses r and asks Alice to decrypt the ciphertext C” = Cre mod TV.
b. Why is this “attack” prevented by padding the message?
Alice receives a single ciphertext C from Bob, which was encrypted using Alice’s RSA public key. Let M be the corresponding plaintext. Alice challenges Trudy to recover M under the following rules. Alice sends C to Trudy, and Alice agrees to decrypt one ciphertext that was encrypted with Alice’s public key, provided that it is not C, and give the resulting plaintext to Trudy. Is it possible for Trudy to recover M?
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your order
Fill in the order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits you most.
Receive the final file
Once your paper is ready, we will email it to you.