Cyber Security PublicKey Encryption Consider the following

Cyber Security: : Public-Key Encryption.

Consider the following method of encrypting with RSA. To encrypt a message M with public key (e, N), one sets r = H(M) and then computes C = (r||M) e mod N.

In other words, the hash of the message is used to generate the randomness r that is pasted onto the front of the message before applying RSA. Explain why this variant of padded RSA is an insecure public-key encryption scheme.

Solution

I will first point out the weakness of RSA followed by how to fix it by introducing randomness. Then I will present an analysis on why using the hash of the message as randomness is not a good idea.

--------------------------------------------------------------------------------------------------------

RSA encryption is a deterministic type of encryption. It means that there is no random component in the encryption algorithm. This is due to RSA having a strong mathematical structure within it. This deterministic nature results in weakness.

Successful attack against this encryption may involve:

------------------------------------------------------------------------------------------------------

In order to prevent such attacks, randomness is introduced in RSA by means of padding. RSA with padding ensures that even if a single message is encrypted many times, the cipher text looks different each time.

This adds randomness to the algorithm and makes it harder to break.

------------------------------------------------------------------------------------------------------

Suppose the hash of the message is used as the randomness, then the attacker can still use the above attacks by accounting for the hash. After they have decided upon the plaintexts to use for the attack, they can just calculate the hash of the plain text and use that information in their attack.

Therefore, such padding adds no extra security to the RSA. Hence, this variant of padded RSA is an insecure scheme.