sci.crypt archive
Re: gnupg rsa question // why use e of 41 ?
From: David Wagner <daw@taverner.cs.berkeley.edu>
Date: Mon May 01 2006 - 04:13:13 CEST
Date: Mon May 01 2006 - 04:13:13 CEST
Unruh wrote:
>daw@taverner.cs.berkeley.edu (David Wagner) writes:
>> 4) The Franklin-Reiter attack: if you encrypt two messages M,M' that
>> satisfy a relationship M' = f(M) for some polynomial f, then an attacker
>> can recover M and M' in time O(e^2).
>
>Since all messages are related by a polynomial, this would say all messages
>can be decrypted. (M1=M2+(M1-M2)) I assume you mean related by a publically
>known polynomial.
Yes. Sorry.
Received on Mon May 1 02:06:38 2006