Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site gatech.UUCP
Path: utzoo!linus!decvax!harpo!eagle!hou5h!hou5a!hou5d!hogpc!houxm!hocda!spanky!burl!sb1!sb6!emory!gatech!ewa
From: ewa@gatech.UUCP
Newsgroups: net.crypt
Subject: Re: Cracking public - key encryption schemes such as RSA
Message-ID: <422@gatech.UUCP>
Date: Tue, 30-Aug-83 13:13:29 EDT
Article-I.D.: gatech.422
Posted: Tue Aug 30 13:13:29 1983
Date-Received: Wed, 31-Aug-83 22:59:27 EDT
References: <363@nsc.uucp>
Organization: Georgia Tech, School of ICS
Lines: 30

In 1982, George Davida wrote a paper entitled "Chosen Signature
Cryptanalysis of the RSA (MIT) Public Key Cryptosystem." (Available as
TR-CS-82-2, University of Wisconsin -- Milwaukee, October, 1982.) In that
paper, Davida showed, in effect, that the following scenario is possible,
using the RSA Cryptosystem to digitally "sign" messages. (Essentially the
same techniques allow one to decrypt messages.)

SCENARIO: Bob is a bad guy. He would like to get Alice to sign the message
"I Alice will pay you Bob ten million dollars." Bob cunningly gets Alice
to sign the messages "I Bob will pay you Alice one million dollars." and
"I Bob will pay you Alice two million dollars." (Note that Alice is likely
to sign.) Using the information in the signatures Alice gave, Bob is now
able to forge Alice's signature on the message "I Alice will pay you Bob
ten million dollars."

In a followup article, Richard DeMillo and Michael Merritt wrote "Chosen
Signature Cryptanalysis of Public Key Cryptosystems." (Technical
Memorandum, October 25, 1982, Georgia Institute of Technology. This is
available by writing DeMillo or myself at Georgia Tech, School of
Information and Computer Science, Atlanta, GA 30332, or by writing Mike
Merritt at Bell Labs, Murray Hill, NJ.) In that article, DeMillo and
Merritt showed that the same flaw was shared by a wide class of
Cryptosystems.

(Note -- some of this info may be scheduled to appear in journals
sometime.)

-- Eric Allender
CSNet: EWA @ GATech
ARPA: EWA.GATech @ UDel-Relay
uucp: ...!{sb1,allegra,ut-ngp}!gatech!ewa
      ...!duke!mcnc!msdc!gatech!ewa
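
Added example, not part of the original post or of the papers it cites: it assumes the scenario rests on the multiplicative property of unpadded RSA (the post does not spell out the mechanism). It shows that the product of two signatures verifies on a third message the signer never saw, and that hashing before signing removes the relation. The toy key, the sample messages and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy key built from two Mersenne primes; illustration only.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

def encode_raw(msg: bytes) -> int:
    """Textbook encoding: the message bytes are the integer that is signed."""
    m = int.from_bytes(msg, "big")
    if m >= N:
        raise ValueError("message too long for this modulus")
    return m

def encode_hashed(msg: bytes) -> int:
    """Simplified hash-then-sign: sign SHA-256(msg) reduced mod N.
    Real systems use a standardised scheme such as RSASSA-PSS."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(m: int) -> int:
    return pow(m, D, N)

def verify_message(encode, msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == encode(msg)

def product_signature_accepted(encode) -> bool:
    """Sign two messages, multiply the signatures, and check whether the
    result verifies on a third message that was never signed."""
    a, b = b"note-one", b"note-two"              # constructed sample messages
    sig_a, sig_b = sign(encode(a)), sign(encode(b))
    combined = (sig_a * sig_b) % N               # uses only public values

    # Third message: the bytes of (a * b mod N), treating messages as integers.
    c_int = (encode_raw(a) * encode_raw(b)) % N
    c = c_int.to_bytes((c_int.bit_length() + 7) // 8, "big")
    return verify_message(encode, c, combined)

if __name__ == "__main__":
    # Unpadded RSA: sig(a) * sig(b) is a valid signature on a * b mod N.
    print("raw encoding accepts product:   ", product_signature_accepted(encode_raw))
    # With hashing, the product would have to match SHA-256 of the new message.
    print("hashed encoding accepts product:", product_signature_accepted(encode_hashed))
```
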