On Tue, 31 Aug 2010, Justin Ferguson wrote: > I'm not really much of a crypto guy so when the details come up it's > often kind of hard for me to entirely wrap my head around. That said, > I'm currently dealing with a situation where the public key, > plain-text and cipher-text are all known to an attacker; furthermore, > the random oracles/et cetera employed during the OEAP scheme are also > known to the attacker. Furthermore, the attacker can modify those > values (id est random oracle values of zero, or whatever the attacker > wants) and repeat the plain-text to cipher-text process as they see > fit. Furthermore, the key length exceeds the length of the message. > Basically, only the private key is not under the attackers control. > > From that, what I am getting is that this is virtually the same as RSA > without the padding scheme and should be vulnerable due to it being a > deterministic algorithm; however my question is how much does it > really reduce the complexity? Is an attack against this even feasible > in any practical terms?
What is the goal of an attacker? Since he knows plain-text, it is definitely not plain-text; on the other hand, no operations with the public key can help the attacker to get the private key, whether he does these operations himself or observes somebody else doing them. -- Regards, ASK --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
