Re: attack against ElGamal (and related algorithms)
From: Tom St Denis (tomstdenis_at_iahu.ca)
Date: 12/21/03
- Next message: DJohn37050: "Re: RSA vs DH"
- Previous message: Tom St Denis: "Re: ECB 1.0 beta 1"
- In reply to: Atom 'Smasher': "Re: attack against ElGamal (and related algorithms)"
- Next in thread: Atom 'Smasher': "Re: attack against ElGamal (and related algorithms)"
- Reply: Atom 'Smasher': "Re: attack against ElGamal (and related algorithms)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 21 Dec 2003 20:49:25 GMT
"Atom 'Smasher'" <ngbz@fhfcvpvbhf.bet> wrote in message
news:vuc14iifigomdf@corp.supernews.com...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > According to Schneier, in order to recover Bob's private key, you must
> > either:
> >
> > (1) Recover the value of K associated with a particular message (a
number
> > of problems come to mind) or,
> >
> > (2) Know two messages that were signed or encrypted using the same K
> > without necessarily knowing the value of K.
> =============================
>
> #2 is a condition that can be created be Eve: Eve uses her modified copy
of
> PGP to create 2 messages encrypted using Bob's public key and the same
"k".
>
> Eve has then satisfied the condition of #2: she has 2 messages encrypted
> using the same "k".
Gah? Dude look up the math for ElGamal then get back to us. Eve doen't
know Bob's secret "x" at all. She knows g^x mod p. So even if she can find
g^x mod p from g^xk mod p [e.g. by knowing k] that doesn't give Eve
anything.
Tom
- Next message: DJohn37050: "Re: RSA vs DH"
- Previous message: Tom St Denis: "Re: ECB 1.0 beta 1"
- In reply to: Atom 'Smasher': "Re: attack against ElGamal (and related algorithms)"
- Next in thread: Atom 'Smasher': "Re: attack against ElGamal (and related algorithms)"
- Reply: Atom 'Smasher': "Re: attack against ElGamal (and related algorithms)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
