On Sun, 10 Sep 2006, James A. Donald wrote: > Could you describe this attack in more detail. I do not see a > scenario where it would be useful.
Suppose that an attacker runs an activex control on the user's computer and the control is able to ask a smart card connected to the computer to perform raw RSA operations with user's private key. The goal of the attacker is to be able to sign some useful messages with the user's private key *after* the user disconnect his smart card. > The attacker can encrypt a subset of numbers - those that encrypt to > a B smooth number, but for this to be useful to him, he has to find > a number in the subset set that corresponds to what he desires to > encrypt, which looks like a very long brute force search. If the attacker needs to sign a message x, he needs to find a smooth number y = x + k n, where n is the RSA modulus and k is some arbitrary number. I forgot what was the algorithm to find such y (I am not even sure that it exists), IIRC, it was based on LLL. -- Regards, ASK --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
