Re: attack against ElGamal (and related algorithms)

From: John E. Hadstate (jh113355_at_hotmail.com)
Date: 12/22/03

• Next message: Mok-Kong Shen: "Re: Formulae for Latin squares of size 2^n"
• Previous message: Scott Contini: "Re: What makes NFS tick?"
• In reply to: Atom 'Smasher': "Re: attack against ElGamal (and related algorithms)"
• Next in thread: Tom St Denis: "Re: attack against ElGamal (and related algorithms)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 21 Dec 2003 18:15:24 -0500

"Atom 'Smasher'" <ngbz@fhfcvpvbhf.bet> wrote in message
news:vuc14iifigomdf@corp.supernews.com...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > According to Schneier, in order to recover Bob's private key, you must
> > either:
> >
> > (1) Recover the value of K associated with a particular message (a
number
> > of problems come to mind) or,
> >
> > (2) Know two messages that were signed or encrypted using the same K
> > without necessarily knowing the value of K.
> =============================
>
> #2 is a condition that can be created be Eve: Eve uses her modified copy
of
> PGP to create 2 messages encrypted using Bob's public key and the same
"k".
>
> Eve has then satisfied the condition of #2: she has 2 messages encrypted
> using the same "k".
>
> atom
>

Well, I showed you the math taken from the same pages of the same book you
were quoting (and the math is correct).

Schneier's assertion is that Eve can recover Bob's private key if she knows
his public key and knows two messages that were signed or encrypted using
the same K. My conclusion is that this assertion is not supported by the
evidence at hand.

However, the math also shows that if K is known (I chose K=1), Eve can
decrypt messages intended for Bob *just as if she had Bob's private key*.

• Next message: Mok-Kong Shen: "Re: Formulae for Latin squares of size 2^n"
• Previous message: Scott Contini: "Re: What makes NFS tick?"
• In reply to: Atom 'Smasher': "Re: attack against ElGamal (and related algorithms)"
• Next in thread: Tom St Denis: "Re: attack against ElGamal (and related algorithms)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: attack against ElGamal (and related algorithms) ... > 4) Eve can then recover Bob's private key. ... different messages with the same k, not modify her own copy. ... (sci.crypt) Re: attack against ElGamal (and related algorithms) ... To get Bob's private key, ... >> own private key so doesn't need to recover it. ... > the point isn't for Eve to sign anything... ... one way todo ElGamal encryption is as follows ... (sci.crypt) Re: attack against ElGamal (and related algorithms) ... >> According to Schneier, in order to recover Bob's private key, you must ... >> of problems come to mind) or, ... >> without necessarily knowing the value of K. ... > #2 is a condition that can be created be Eve: ... (sci.crypt) Re: attack against ElGamal (and related algorithms) ... > You're missing or misunderstanding something. ... > handy so I can't tell exactly what you mean by k. ... > Bob's public key and e is Eve's private key, then sure, Eve can ... not Bob's private key b. ... (sci.crypt) recovering protected files ... >recover your previous installation of Windows in case it ... >all of my encrypted files was not in My documents folder, ... >Private key for encrypted files is stored in My ... (microsoft.public.windowsxp.security_admin)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint