Attacks on Digital Signature Algorithm: RSA

1
Attacks on Digital Signature Algorithm RSA

• John Nguyen

2
RSA as a Digital Signature Algorithm

• The need for digital signature online banking,
  routable forms
• Requirement something uniquely identify oneself,
  and people can verify that unique identification.
• RSA is a public key cryptography which offers
  that need.
• Private key to sign the message.
• Public key to verify the signature.

3
RSA

• A public key algorithm
• Easy to understand and implement
• Popular, used by numerous companies such as
  Motorola and Adobe in its Acrobat product.
• De facto standard in much of the world.

4
RSA Algorithm

• Choose 2 large prime numbers p and q
• Then compute n pq
• Choose e such that e and (p-1)(q-1) are
  relatively prime.
• key d can be computed by using extended Euclidean
  algorithm
• ed 1 mod (p-1)(q-1)

5
RSA Encrytion

• Public key n and e
• Private key d
• Encrypting
• c me mod n
• Decrypting
• m cd mod n
• Digital signature
• c md mod n (signing)
• m ce mod n (verification)

6
Proof

• cd (me)d (mod n)
• med
• mk(p-1)(q-1) 1
• mmk(p-1)(q-1)
• m 1 m
• mk(p-1)(q-1) mk?(n) m 1 (Eulers
  generalization of Fermats little theorem)
  

7
Security of RSA

• Factoring n is the most obvious attack.
• Difficult
• Factoring techonology best 129-decimal-digital
  modulus
• N must be larger than that to be secure
• Guessing value of (p-1)(q-1), but the difficulty
  is the same as factoring n
• Common attacks against RSAs implementation
  attack against the protocol, not the basic
  algorithm.

8
Chosen Cipher Attack against RSA

• Eve attacker, Alice user
• Eve got c encrypted by Alices public key. Eve
  wants to read plaintext m from c.
• Mathematically, Eve needs d m cd, but Eve does
  not know d.
• Eve decided to figure out m without first knowing
  exactly what d is.

9
Chosen Ciphertext attack

• Eve chooses a random number r (r lt n), then
  compute
• x re mod n
• y xc mod n
• t r-1 mod n
• Eve gets Alice to sign y with her private key,
  therefore decrypting y.
• Alice sends Eve u yd mod n
• Eve computes, and get m
• tu mod n r-1yd mod n r-1xdcd mod n cd mod
  n m

10
Prevent against this chosen ciphertext attack

• Signing and encrypting ( decrypting) are 2
  different things.
• They can be done separately.
• 1 set of keys for signing and verification.
• 1 set of keys for decrypting and encrypting.
• Sign on a one-way hash of message, not the
  message.
• Signing will not decrypt the message, so Eve can
  not figure out m

11
Attack on Encrypting and Signing with RSA

• Alice sends a message m to Bob
• She encrypts m with Bob public key, then signs
  with her private key
• (meB mod nB)dA mod nA
• Bob can claim that Alice sent him m, not m.
• He can find x, such that
• mx m mod n
• If he can publish xeB replace old eB

12
To prevent this attack

• Assign each user fixed keys
• Usually be done by third party VeriSign
• Moreover, common good practice sign first,
  encrypt later.