Score:0

Curious about CCA attack for RSA, and Kerckhoffs's principle in general


I'm a student studying cybersecurity for the first time, and the part where our textbook explains using CCA attacks for RSA seemed really unclear to me, so I am here seeking clarification.

Our textbook quotes

> if the attacker receives encrypted message c = m^e (mod n), they can multiply by the encryption of a random number r^e (mod n) and ask the decryption oracle to decrypt r^e*c, which gives them back rm. Finally, they can multiply by r^(−1) (mod n) to recover m.

I understand everything except the "ask the decryption oracle to decrypt r^e*c" part - I learned that RSA decryption keys are kept private, so how would the attacker be able to use the decryption oracle?

More generally, I think my misunderstanding stems from my lack of knowledge regarding Kerckhoffs's principle. We never had a clear lecture on this, and my understanding is that, basically, we assume the attacker has the knowledge of everything about the system minus the keys themselves. Does this imply the attacker also has knowledge of the decryption oracle? Then how would this make any sense, since the attacker can simply decrypt any ciphertext they find..?

I would more than appreciate it if someone with more expertise were able to sort some of the details out here.

Thank you!

Score:0

The decryption oracle is an interactive black box the attacker queries in an attempt to learn the secret message $m.$ By definition of the CCA, he can do this. Using a digital signature verification algorithm online is equivalent to this since the signature $S=hash(m)^d$ is verified by computing $S^e$ and checking that it equals $hash(m)$ for the signed message $m$ to which the signature is appended (in the simple plain nonpadded version of RSA).

If he submits $r^e c$ to be decrypted, the oracle responds with $$z=(r^e c)^d =r^{ed} c^d=r^1 c^d=rm\pmod{pq} $$ and since he chose the random quantity $r,$ he knows its inverse $r^{-1}$ thus computes $r^{-1} z=m.$
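The exchange described in the answer above, as an added example that is not part of the original thread: the oracle holds the private exponent and the attacker only ever sees its answers, never the key. The toy key, the names `DecryptionOracle` and `recover_via_blinding`, and the rule that the oracle refuses the challenge ciphertext itself (the usual CCA game convention) are assumptions made for illustration.

```python
# Added example: textbook (unpadded) RSA with a constructed toy key.
import math
import secrets

# Two Mersenne primes; far too small for real use, chosen so the demo runs fast.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, used only by the oracle


def encrypt(m: int) -> int:
    """Textbook RSA encryption, c = m^e mod n (no padding)."""
    return pow(m, E, N)


class DecryptionOracle:
    """Models a key holder that decrypts any ciphertext except the challenge."""

    def __init__(self, challenge: int):
        self._challenge = challenge % N

    def decrypt(self, c: int) -> int:
        if c % N == self._challenge:
            raise PermissionError("refusing to decrypt the challenge ciphertext")
        return pow(c, D, N)


def recover_via_blinding(c: int, oracle: DecryptionOracle) -> int:
    """Recover m from c using only public values (N, E) and one oracle query."""
    while True:
        r = secrets.randbelow(N - 2) + 2       # random r in [2, N-1]
        blinded = (pow(r, E, N) * c) % N       # r^e * c = (r*m)^e mod n
        if math.gcd(r, N) == 1 and blinded != c % N:
            break
    z = oracle.decrypt(blinded)                # z = r*m mod n
    return (pow(r, -1, N) * z) % N             # r^{-1} * z = m mod n
```

The oracle never releases `D` and never decrypts `c` directly; the multiplicative structure of unpadded RSA is what lets a different, permitted query reveal `m`, which is why deployed RSA encryption uses randomized padding such as OAEP.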
