On Thu, 7 Sep 2006, Leichter, Jerry wrote: > | If an attacker is given access to a raw RSA decryption oracle (the > | oracle calculates c^d mod n for any c) is it possible to extract the > | key (d)? > If I hand you my public key, I have in effect handed you an oracle that > will compute c^d mod n for any c. What you are asking is whether you > can then extract my private key e - which is exactly what the security > claims for RSA say you cannot do. (Note that I chose to call my > public key d and by private key e - but since the two keys are > completely equivalent in RSA, that's just naming.)
I want to extract the exponent that is used by the oracle: this is the difference between the chosen-plaintext attack (it does not require an oracle, since it is a public key scheme) and the chosen-ciphertext attack (CCA1). -- Regards, ASK --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
