Password Knowledge Tutorial Two _ Security related

RSA's Select ciphertext attack.
RSA is vulnerable to the choice of ciphertext attacks. A general attacker would be to disguise a message (blind) and allow the entity with the private key to sign it. Then, after calculation, you get the information it wants. In fact, the attack exploits the same vulnerability, that is, the fact that the power of the power retains the multiplicative structure of the input:
(XM) ^d = x^d *m^d mod n
As mentioned earlier, this inherent problem comes from the most useful feature of public-key cryptography--everyone can use a public key. But the algorithm can not solve the problem, the main measures are two: one is to adopt a good public key protocol to ensure that the entity does not decrypt any information generated by other entities in the course of work, and does not sign the information that it knows nothing about; the other is to never send a random document signature to a stranger, using one-way first when signing The hash function hashes the document or uses a different signature algorithm at the same time. Several different types of attack methods are mentioned in.
RSA's public modulus attack.
If there is a modulus in the system, only different people have different E and D, the system will be dangerous. The most common scenario is that the same information is encrypted with different public keys, which are common-mode and coprime, so that the information can be recovered without the private key. Set p as information plaintext, two encryption keys are E1 and E2, and public modulus is n, then:
C1 = p^e1 mod n
C2 = p^e2 mod n
The cipher analyst knows N, E1, E2, C1, and C2 to get p.
Because of E1 and E2 coprime, we can find r and s by using the Euclidean algorithm to satisfy:
R * E1 + S * E2 = 1
Assuming R is negative, the Euclidean algorithm is needed to compute c1^ (-1), then
(c1^ ( -1)) ^ (r) * c2^s = P mod n
In addition, there are several other ways to exploit public modulus attacks. In short, if you know a pair of E and D for a given modulus, one is for the attacker to decompose the modulus, one is to help the attacker to compute the other pairs of e ' and d ', without decomposing modulus. There is only one solution, and that is not to share modulo n.
RSA's small exponential attack. One suggestion to improve RSA speed is to make the public key e take a smaller value, which makes encryption easier to implement and faster. But this is unsafe, and the answer is that both E and D take a larger value.
RSA algorithm is the first algorithm that can be used in both encryption and digital signature, and it is easy to understand and operate. RSA is the most widely studied public-key algorithm, from the proposed to now nearly 20 years, experienced a variety of attacks, gradually accepted by people, generally considered to be one of the best public key schemes. RSA security relies on the factorization of large number of factors, but it doesn't prove that the difficulty of deciphering RSA is equivalent to the difficulty of large number decomposition. That is, RSA's major flaw is that it cannot theoretically grasp its confidentiality performance, and the majority of cryptography scholars tend to factorization is not a NPC problem.
RSA's disadvantages are: a The key is very troublesome, by the number of technology constraints, so it is difficult to do one time a secret. B) The packet length is too large, to ensure security, n at least more than bits, so that the cost of the operation is very high, especially the slow, more symmetric cipher algorithm slow several orders of magnitude, and with the development of large number decomposition technology, this length is not conducive to the standardization of data format. Currently, the SET (Secure Electronic Transaction) protocol requires the CA to use a 2048-strong key, and the other entities use a 1024-bit key.
DSS/DSA algorithm
Digital Signature algorithm
(DSA) is a variant of the Schnorr and ElGamal signature algorithm, which was used as a DSS (Digital Signaturestandard) by the United States NIST. The following parameters are applied in the algorithm:
The prime number of bits long p:l. L is a multiple of 64, the range is 512 to 1024;
Q:p-1 of the 160bits of the element factor;
G:g = h^ (p-1)/q) mod p,h satisfies h < p-1, h^ ((p-1)/q) mod p > 1;
X:x < q,x is the private key;
y:y = g^x mod p, (p, Q, G, Y) as public key;
H (x): One-way hash function. The DSS selects Sha (Secure Hash algorithm).
P, Q,
G can be shared by a group of users, but in practical applications, the use of public modules may pose a threat. The signature and verification agreement are as follows:
1. P produces random number k,k < q;
2. P Calculates r = (g^k mod p) mod q
s = (k^ ( -1) (H (m) + XR) mod q
The signature result is (M, R, s).
3. Calculation w = s^ ( -1) mod Q at time of verification
U1 = (H (m) * W) mod q
U2 = (R * W) mod q
v = ((G^U1 * y^u2) mod p) mod q
If V = r, the signature is considered valid.
DSA is based on the problem of integer finite domain discrete logarithm, and its security is similar to that of RSA. An important feature of DSA is that two primes are exposed, so that when you use the P and Q of Others, you can confirm whether they are randomly generated or not, even if you don't know the private key. The RSA algorithm is not.