Re: attack against ElGamal (and related algorithms)

From: Paul Rubin (//phr.cx_at_NOSPAM.invalid)
Date: 12/21/03


Date: 21 Dec 2003 03:54:14 -0800

Atom 'Smasher' <ngbz@fhfcvpvbhf.bet> writes:
> the point isn't for Eve to sign anything... the point is that Eve can use a
> fixed "k" to encrypt a message using Bob's public key.
>
> the protocol seems to require that a unique "k" is used for each encryption,
> or else there's a problem. that problem seems easy to create under
> controlled conditions.

You're missing or misunderstanding something. I don't have the book
handy so I can't tell exactly what you mean by k. If you mean the
session key that Eve encrypts by multiplying it by g^(be) where g^b is
Bob's public key and e is Eve's private key, then sure, Eve can
recover it, but it's generated entirely by Eve. It's just the key for
a specific message, not Bob's private key b.
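Textbook ElGamal as described above, written out as an added example that is not part of the original thread: the toy modulus P, the assumed generator G and the helper names are my own choices. It shows that the mask Eve multiplies into the ciphertext is g^(be), which she can recover because she chose e, that Bob undoes it with b alone, and that a fixed e merely repeats the per-message mask.

```python
# Added example (not from the original post): textbook ElGamal in Z_p^*.
# P and G are constructed toy parameters, not secure ones; G is assumed to
# generate a large subgroup, which the arithmetic below does not depend on.
import secrets

P = 2**127 - 1   # Mersenne prime (toy size; real deployments use a safe prime or prime-order subgroup)
G = 3            # assumed generator for the illustration


def keygen():
    """Bob's key pair: private exponent b, public value g^b mod p."""
    b = secrets.randbelow(P - 2) + 1
    return b, pow(G, b, P)


def encrypt(pub_b, m, e=None):
    """Sender picks ephemeral e (the thread's per-message 'k') and masks m with (g^b)^e = g^(be)."""
    if e is None:
        e = secrets.randbelow(P - 2) + 1
    mask = pow(pub_b, e, P)
    return e, (pow(G, e, P), (m * mask) % P)


def decrypt(b, ct):
    """Bob recomputes g^(be) from c1 = g^e using only his private b."""
    c1, c2 = ct
    mask = pow(c1, b, P)
    return (c2 * pow(mask, -1, P)) % P


def sender_recovers_mask(pub_b, m):
    """Eve strips the mask from her own ciphertext: she knows e, never b."""
    e, (c1, c2) = encrypt(pub_b, m)
    mask = pow(pub_b, e, P)
    return (c2 * pow(mask, -1, P)) % P == m


def fixed_e_reuses_mask(pub_b, m1, m2, e):
    """With a fixed e, two messages to Bob share c1 and the same mask g^(be);
    the per-message key repeats, but b itself is not involved or exposed."""
    _, (c1a, c2a) = encrypt(pub_b, m1, e)
    _, (c1b, c2b) = encrypt(pub_b, m2, e)
    mask_a = (c2a * pow(m1, -1, P)) % P
    mask_b = (c2b * pow(m2, -1, P)) % P
    return c1a == c1b and mask_a == mask_b
```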
