Hi, > In the past there have been a few proposals to use asymmetric cryptosystems, > typically RSA, like symmetric ones by keeping the public key secret, the idea > behind this being that if the public key isn't known then there isn't anything > for an attacker to factor or otherwise attack. Turns out that doing this > isn't secure: > > http://eprint.iacr.org/2012/588
A question: The attack seems to aim at getting n = p * q, and then factor it. I.e. what they really show is that it is possible to derive the public key from two plain/ciphertext pairs; alternatively a multiple of n. In essence, there is no point in keeping the public key secret as it can be guessed. However, the factoring would still remain as a huge task for the attacker, unless RSA is used at a meagre bit length, as in their example. Correct? Ralph
signature.asc
Description: OpenPGP digital signature
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
