The problem illustrates a simple application of the chosen ciphertext attack. Bo

Question

The problem illustrates a simple application of the chosen ciphertext attack. Bob intercepts a ciphertext C intended for Alice and encrypted with Alice’s public key e. Bob wants to obtain the original message M = C^d mod n. Bob chooses a random value r less than n and computes

Z = r^e mode n
X = ZC mod n
t = r^-1 mode n

Next, Bob gets Alice to authenticate (sign) X with her private key (as in figure 9.3), thereby decrypting X. Alice returns Y= X^d mod n . Show how Bob can use the information now available to him to determine M.

Explanation / Answer

Here, message M has been encrypted with the public key (e, n) of Alice to obtain the ciphertext C.

Then, C = Me mod n ----- (5)

From Z = re mod n and C = Me mod n we get, r = Zd mod n  and M = Cd mod n       

we can write this equation as Mi = ( i.n + Y )/r   ---- (7)

Now, Bob can comparing Ci with the original ciphertext C and get some j=i such that Cj=C. For any i = j, Cj=C, then, Mj will be the original message M.

In this process, Bob can get the message M which was encrypted with Alice’s public key without knowing the private key of Alice.

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.