I am reading RSA cryptosystem from Farouzan book on network security. The author has mentioned that RSA encryption is prone to chosen ciphertext attack. Then why is this algorithm still so popular?
Asked
Active
Viewed 819 times
1 Answers
4
The exact quote from the book is
The basic RSA algorithm is vulnerable to a Chosen Ciphertext Attack (CCA)
So the answer to your question is that we don't use the "basic RSA algorithm" in practice. The basic RSA algorithm is also sometimes referred to as textbook RSA. Textbook RSA is malleable, which is why it is vulnerable to a chosen ciphertext attack. The attack works like this.
Eve has a ciphertext $c$ that she wants to learn the corresponding plaintext $m$ for. She has access to a decryption oracle that will decrypt any $c'\neq c$. So, she chooses a random value $r<n$ and computes $c'=c\cdot r^e\bmod{n}$. Note that since $c=m^e\bmod{n}$, we have $c'=(mr)^e\bmod{n}$ and $c'\neq c$.
Eve submits $c'$ to the decryption oracle, which returns $mr$. Eve now divides this by $r$ to recover $m$.
In practice, no one should use textbook RSA. To thwart this particular attack, we use padding. This removes the malleable property of RSA.
mikeazo
- 233
- 1
- 9