This paper presents a new attack on the RSA cryptosystem. Compared with earlier chosen-ciphertext attacks, the cryptanalyst only needs to obtain, once, the plaintexts corresponding to some carefully chosen ciphertexts, and can then decrypt all other ciphertexts without any further recourse to the authorized user's decryption device. The attack therefore requires fewer preconditions. It is more efficient than the best currently known algorithms for factoring the public modulus. The same idea also yields an attack on the so-called three-pass system, which transmits messages using exponentiation over finite fields.