By definition, the Franklin Reiter related message attack works in a scenario where two messages differ only by a fixed known difference. Suppose I have two messages encrypted by RSA with the same public key (N, e), where:
M1 = "Hello " + name1 + message
M2 = "Hello " + name2 + message
How can I perform the Franklin-Reiter related message attack on them?
I am aware that we need (N, e, C1, C2, f) for a Franklin Reiter related message attack where f = ax + b, but what is f in this case?
Related
I got a quiz question asking which of the following pair(n,e) is a correct RSA public key?
n = 437 and e = 7
n = 437 and e = 11
Hint 437 = 19*23
Is there anyway to tell is a RSA public key correct? Or I've must missed some important content
Short Answer:
The 2nd one is incorrect. Because gcd(e, lambda(n)) must be 1, but it is not in 2nd case.
Long answer:
Go through RSA key generation:
n=437 and 437=19*23, so p, q are 19, 23.
lambda(437)=(p-1)*(q-1)=18*22
Now we need to select e in a way 1<e<lambda(n) and gcd(e, lambda(n))=1 meaning e and lambda(n) are coprime.
But in 2nd case, gcd(11, lambda(437))=11, so they are not coprime and we cannot use e=11.
I keep running into a _stdout error with a print statement within the browser IDE provided by Pearson, yet the error does not occur when using Wing 101 IDE.
I need the print statement to only output each variable (an integer(k), a double(d), and a string (s) respectively) in the order s, d, k and k, d, s on separate lines.
What I have below prints: "number: number: name: sam 4.0 3 3 4.0 sam"
I only need it to print the value of the three variables. Can someone help me understand why I am getting this error or why it is printing the prompts and values?
k = int(input("number: "))
d = float(input("number: "))
s = str(input("name: "))
print(s, d, k)
print(k, d, s)
The error message I get from Pearson's IDE:
Expected Output:
_stdout.txt:·"21.666666666666668
Actual Output:
_stdout.txt:·"How·old·is·Josh?·How·old·is·Cindy?·My·age·is:·21.666666666666668↵
Since your code is correct and only gives an error for the special ide you are using you might try the following:
k = int(input())
d = float(input())
s = str(input())
print(s, d, k)
I just try to understand cryptography, please be concern. Its not meant to be secure or professional. I create 3 numbers for each party. a public key, a secret key and a modulus. The first party (A) creates his keys
let pri = 133
let mod = 256
let pub = mod - pri
and shares "mod" and "pub" to other partys (B, C). When B want to encrypt a string he takes A's public key and modulus and do
// B encrypts
let enc = ( input + pubA ) % modA
A on his side is doing
// B decrypts
let dec = ( enc + priA) % modA
to decrypt it. My problem is, i can create multiple keypairs but only 1 associated public key to each secret key because i have to share the modulus of each pair for en/decryption.
Is it possible (in this situation) to create multiple publics numbers for a single private number? And if so, how can i do it?
Thank you (and sorry if this is a poor question)
EDIT Even if its not "good" to create your own cipher i want to do so..
I recognized that i missed the secret exponent d so that phi divides (e * expo)-1.
/* Pseude code */
p = q = primes()
n = p * q
phi = (p-1) * (q-1)
e = 3
d = ? // <-- have to find my own secret exponent!
if( gcd(e, p-1) != gcd(e, q-1) ) exit(0)
expo = 0
for(expo < 100000)
if( (e * expo)-1 == phi ) ) d = expo
And therefore i could have
public(n,e)
private(n,d)
so i can share (n,e). Is that correct?
Intro
I got a string original, which was encoded (using the procedure below), then encrypted with rsa and then decoded again, so I'm left with a ciphertext s.
To get back to the original plaintext I'd encode s, then decrypt and then decode again.
Encoding
Each character in s gets encoded (using the function x) like this:
x(A)=0, x(B)=1, ..., x(Z)=25
Then the message, with k amount of characters, gets encoded (using the function y) like this:
encoded_msg = y(s) = x(s0)*260 + x(s1)*261 + x(s2)*262 + ... x(sk)*26k-1
The problem
Now, if i do this for original="ABCD" for example, that would lead to
y(x(original)) = 0 + 1*26 + 2*676 + 3*17576 = 54106.
(encrypt → decrypt → 54106)
decode ?
My question is: If all I got are the functions x and y and a result 54106, how do I decode back to "ABCD"?
Little stuck on how to approach this question:
Xavier and Yvonne are in love. They both set up their own RSA keys:
Xavier’s public key is (eX , nX ) = (887, 15833), and Yvonne’s public key
is (eY , nY ) = (977, 13019). For each of the following, do not factor nX nor
nY , show the set up of the calculations and the results. You should use a
computer to perform the calculations.
(a) Yvonne wants to send Xavier a private message of love, which is
M = 3141. What is the ciphertext that Yvonne needs to send to Xavier?
(b) In return, Yvonne received three mysterious messages: C1 = 10889,
C2 = 2622, C3 = 4061. All three senders claim to be Xavier, and all
claim to have sent the message Ci ≡ MdX (mod nX) where M = 3141 and dX
is Xavier’s private key. However, only Xavier himself knows the actual
value of dX , and the other two are imposters trying to steal Yvonne away
from him. Help Yvonne determine which message is actually from Xavier,
and explain why your method works.
Any tips would be great thanks!
a) In order to send an RSA-encrypted message such that only the private key holder can decrypt it, it must be encrypted using the recipient's public key. In this case, the recipient is Xavier, so the message is encrypted using his public key: (eX, nX) = (887, 15833):
Message: M = 3141
Ciphertext: C = MeX mod nX
C = 3141887 mod 15833
C = 2054
b) This is essentially a signature verification of a message signed using Xavier's private key, which requires the use of the signer's public key. It is necessary to find which of the three messages, when decrypted using Xavier's public key results in the message that was sent (3141):
Ciphertext 1: C1 = 10889
Message 1: M1 = C1eX mod nX
M1 = 10889887 mod 15833
M1 = 6555 (mismatch)
Ciphertext 2: C2 = 2622
Message 2: M2 = C2eX mod nX
M2 = 2622887 mod 15833
M2 = 1466 (mismatch)
Ciphertext 3: C3 = 2622
Message 3: M3 = C3eX mod nX
M3 = 4061887 mod 15833
M3 = 3141 (match!)
Only C3 matches the message when decrypted using Xavier's public key, and so is the only authentic message.
Note: I used WolframAlpha to perform the modular exponentiation above, but it's easy enough (though rather more time-consuming) to do manually using repeated multiplication then reduction modulo n.