Hi. If an attacker is given access to a raw RSA decryption oracle (the oracle calculates c^d mod n for any c) is it possible to extract the key (d)?
It is known, that given such an oracle, the attacker can ask for "decryption" of all primes less than B, and then he will be able to sign PKCS-1 encoded messages if the representative number is B-smooth, but is there any way to actually recover d itself? -- Regards, ASK --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]