question archive 1) Let (3, n) and (d, n) where d = 3-1 mod φ(n) be a pair of 2048-bit RSA public and private keys respectively

1) Let (3, n) and (d, n) where d = 3-1 mod φ(n) be a pair of 2048-bit RSA public and private keys respectively

Subject:Computer SciencePrice: Bought3

1) Let (3, n) and (d, n) where d = 3-1 mod φ(n) be a pair of 2048-bit RSA public and private keys respectively. To sign a message m using RSA PKCS1 v1.5 requires one to form the block B

B = 01 0xFF ... 0xFF 0x00 ASN1 H(m) where H denotes the SHA-256 hash algorithm and:

  • ? 01 is a two-byte value indicating PKCS1 mode 1 is being used
  • ? 0xFF ... 0xFF is a variable length padding block (each padding byte is set
  • to 0xFF) to pad up if necessary so that the size of is equal to the size of
  • (256 bytes in our case)
  • ? 0x00 is a one-byte end of padding block indicator
  • ? The ASN1 field encodes the hash function that is used to hash the message
  • (this is a 19-byte fixed value for SHA-256)
  • Then the signature is Bd mod n. To verify the signature, the following steps are executed:
  • Step 1: Compute s3 mod n.
  • Step 2: Check the block from left to right:
  • o If the leftmost two byte is not 01, reject the signature.
  • o Skip all 0xFF until one hits 0x00. Skip 0x00 and check the ASN1
  • code, reject the signature if it is not the SHA-256 identification
  • code.
  • o Otherwise read the next 32-byte and compute the SHA-256 value
  • of m. Compare these two values, if these values are not equal
  • reject the signature.
  • o Otherwise accept the signature.
  • Show that given the public key <3, n>, an attacker can forge the signature on any message of the attacker's choice. 

pur-new-sol

Purchase A New Answer

Custom new solution created by our subject matter experts

GET A QUOTE

Related Questions