Blinding RSA - Maple Application Center

## Blinding RSA

Author
: Martin Monerjan
This Application runs in Maple. Don't have Maple? No problem!
In this worksheet we look at how to get a valid signature on a message the owner of the key-pair (Bob) was not willing to sign. Imagine the following: Marvin (evil) wants Bob (good) to sign a message M. Bob refuses. Now Marvin picks a random Number r and computes an incospicuous Message M'=r^e*M mod N , N being the RSA-Modulus and e Bob's public key. He then asks Bob to sign the Message which he does. Thus Marvin receives the signature S' of M'. Recalling that S'=(M')^d mod N he can now simply compute S=S'/r mod N and yield the valid signature of M. Since we don't use a one-way-hash (MD5, SHA-1) but the simple S=M^d mod N here this is far from being a real threat to RSA

#### Application Details

Publish Date: October 10, 2001
Created In: Maple 6
Language: English

#### Share

This app is not in any Collections

#### Tags

cryptography number-theory