
Haha, I read this headline and thought to myself, "breaking textbook RSA is EXACTLY what I was just learning about in class today," and then I noticed one of the authors is my professor.



How funny! It's pretty cool learning things from the literal experts at the frontiers of human knowledge. I hope he or she teaches well as well!


Well, you're right, but keep in mind that breaking textbook RSA is not exactly "the frontiers of human knowledge", theory-wise. Most textbooks, in fact, will warn you that their description of RSA is vulnerable to chosen-plaintext attacks, and therefore you should add a padding scheme for your messages.

However, papers like this are extremely useful, as they show new ways to exploit this theoretical vulnerability in a real-world case study.


The attacks we're talking about aren't chosen plaintext; they're CCA2. And, in fact, RSA retains CCA2 vulnerability in its most common "padding" mode.


Then perhaps you could point me in the right direction:

where Cb = C (2^(be) mod(n)) (mod n)

I assume we are calculating Cb by encrypting the bit-shift and then applying it to C (which is already encrypted). Why do we need that last modulus at the end?
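
The relation quoted in the comment above, worked through as an added example (not code from the paper or from any commenter). It uses the thread's symbols C, Cb, b, e and n; the toy key and the message value 0x1234 are constructed for illustration. It shows that the final reduction does not change the residue, only keeps Cb a canonical element of [0, n), and that the unpadded ciphertext decrypts to M * 2^b mod n, which is the malleability that padding schemes are meant to remove.

```python
# Toy textbook-RSA key from two Mersenne primes. Constructed for this example:
# far too small for real use and deliberately unpadded.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def encrypt(m):
    return pow(m, E, N)


def decrypt(c):
    return pow(c, D, N)


def shifted_ciphertext(c, b):
    """Cb = C * (2^(b*e) mod n) mod n, using the thread's symbols."""
    factor = pow(2, b * E, N)  # equals encrypt(2**b): (2^b)^e mod n
    return (c * factor) % N    # final reduction keeps Cb inside [0, n)


def compare(m, b):
    """Contrast the reduced and unreduced products for message m, shift b."""
    c = encrypt(m)
    unreduced = c * pow(2, b * E, N)   # product of two residues, up to ~n^2
    cb = shifted_ciphertext(c, b)
    return {
        "same_residue": unreduced % N == cb,
        "cb_in_range": 0 <= cb < N,
        "plaintext_of_cb": decrypt(cb),
        "m_times_2_pow_b_mod_n": (m << b) % N,
    }


if __name__ == "__main__":
    for shift in (8, 100):             # 100 bits wraps past n (about 92 bits)
        print(shift, compare(0x1234, shift))
```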


Haha let me get back to you once I finish replicating the paper (not using QQ but a sandbox) which we have to / get to do for hw :)


Which one?



