dissertacao.pdf
dissertacao.pdf
dissertacao.pdf
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
3.2.3 Cycling Attack<br />
The Cycling Attack was one of the first attacks on RSA to be described [43].<br />
As the name of this attack suggests, the way this attack works is by repeatedly<br />
encrypting the cypher text. When Marvin gets c ∼ = m e (mod N), he will en-<br />
crypt the cypher text with the public key and this will lead him to, eventually,<br />
getting an encryption which will be the original cypher text. That is, after l + 1<br />
encryptions, he will have:<br />
c el+1 ∼ = c ∼ = m e<br />
(mod N) (46)<br />
so he will know that the previous encryption is the original plain text, that is:<br />
c el ∼ = m (mod N) (47)<br />
The implementation of this attack resulted in the experimental results shown<br />
in Table 6.<br />
Table 6: Cycling Attack’s Experimental Results<br />
size of N average running time (seconds)<br />
8 0.000012<br />
16 0.000010<br />
32 0.000008<br />
64 0.000010<br />
128 0.000011<br />
256 0.000013<br />
512 0.000011<br />
1024 0.000011<br />
2048 0.000016<br />
4096 0.000015<br />
These results reveal little dependence on N.<br />
This means that, after l encryptions of the cypher text, he finds the plain<br />
text. For this reason, the value l is called the recovery exponent for the<br />
plain text m. So, given a plain text m, all Marvin needs to do is to find its<br />
39