Score:1

Isn't a Man-In-The-Middle attack possible when we use the reverse of the RSA algorithm in a Digital Signature?


We know that in the RSA algorithm sender A can send an encrypted message to receiver B without any prior exchange of secret keys. A just uses B's public key to encrypt the message, and B decrypts it using the private key, which only he knows.

In a digital signature the reverse RSA algorithm can also be used to sign a message, so A can sign a message using their private key and B can verify it using A's public key.

My question is: in a digital signature using the reverse RSA algorithm, couldn't the message be decrypted by anyone in the middle between A and B, not just B, because the message can be decrypted using A's public key, which is available to everyone?

Maarten Bodewes
Very basically, if at least one party / entity is not authenticated, or if the channel doesn't depend on the authentication performed, then a man-in-the-middle attack is feasible, as the attacker can pose as the unauthenticated party. For instance, we can always perform a MitM for normal browser-webserver communications - the webserver just doesn't care until you log in / order stuff, but *you* can be reasonably sure that you're talking to the right server without a MitM.
Score:1

Yes, anybody can perform modular exponentiation using the public key. This would then result in a padded hash, which would in turn contain the hash. So if an adversary is able to guess the input data then they can confirm that this data was signed against the hash value obtained after unpadding. The padding scheme is usually one of PKCS#1 v1.5 padding for signature generation or PSS.

This is of course basically the same as signature verification anyway, and since that is done using the public key, we would expect that anybody can do that.

This is generally not an issue for well designed protocols, but if you have a protocol that does a naive encrypt-and-sign (signing the plaintext and adding the signature to the ciphertext) then confidentiality may be lost and an attacker may be able to - for instance - replace the signature with their own. This is usually why sign-then-encrypt is used, or an altogether more complex construction.

Beware that - at least for PKCS#1 - RSA uses different padding modes for encryption and signature generation; hence signature generation is not just encryption with the private key.

SAI Peregrinus
I'd like to note that RSA has created distinct names for the sign/verify and encrypt/decrypt systems: RSASSA for sign/verify, and RSAES for encrypt/decrypt. This helps avoid confusion, since they're very different operations with different uses.
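A worked illustration of the answer above (anyone with the public key can undo the private-key exponentiation, read the padded hash out of an RSASSA-PKCS1-v1_5 signature, and confirm a guessed plaintext) and of the RSASSA/RSAES padding distinction raised in the comment. This is added example code, not part of either post; it uses a constructed toy key built from two Mersenne primes (trivially factorable, chosen only to keep the snippet self-contained) and hand-rolled PKCS#1 v1.5 padding, and the function names are my own.

```python
import hashlib, secrets

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demo key: p and q are Mersenne primes, so n is trivially factorable.
# Only here to keep the example self-contained; never use such a key for real.
P, Q, E = (1 << 521) - 1, (1 << 607) - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # raises ValueError if e were not invertible
K = (N.bit_length() + 7) // 8      # modulus length in bytes (141 here)

def emsa_pkcs1_v15(msg, k=K):
    """Signature padding (block type 01): 00 01 FF..FF 00 DigestInfo H(msg)."""
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    assert k >= len(t) + 11, "modulus too short"
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsaes_pkcs1_v15(msg, k=K):
    """Encryption padding (block type 02): 00 02 <random non-zero bytes> 00 msg."""
    assert len(msg) <= k - 11, "message too long"
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(k - len(msg) - 3))
    return b"\x00\x02" + ps + b"\x00" + msg

def sign(msg, n=N, d=D):
    """RSASSA-PKCS1-v1_5 signature: private exponentiation of the padded block."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_pkcs1_v15(msg, k), "big"), d, n)

def recover_block(sig, n=N, e=E):
    """The step anyone can do: s^e mod n returns the padded block unchanged."""
    return pow(sig, e, n).to_bytes((n.bit_length() + 7) // 8, "big")

def hash_in_signature(sig, n=N, e=E):
    """Strip type-01 padding and DigestInfo; returns the SHA-256 digest that was signed."""
    block = recover_block(sig, n, e)
    if block[:2] != b"\x00\x01":
        raise ValueError("block type is not 01: not an RSASSA-PKCS1-v1_5 signature")
    ps, t = block[2:].split(b"\x00", 1)  # the FF run ends at the first 0x00 byte
    if len(ps) < 8 or ps != b"\xff" * len(ps) or not t.startswith(SHA256_DIGESTINFO):
        raise ValueError("malformed padding or DigestInfo")
    return t[len(SHA256_DIGESTINFO):]

def confirms_guess(sig, guess, n=N, e=E):
    """An onlooker holding only the public key can test a guessed plaintext."""
    return hash_in_signature(sig, n, e) == hashlib.sha256(guess).digest()
```

Feeding an RSAES (type 02) block through the private exponent and then `hash_in_signature` fails on the block-type check, which is the concrete reason "encrypting with the private key" is not signing.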