
Issues with Raw RSA
Issues with Raw RSA ę´ë ¨
Raw or âTextbookâ RSA soon turned out to be insecure when two major weaknesses were discovered.
The operations involved in RSA are entirely deterministic, which means that for a given plaintext , encryption always produces the same cipher text
An eavesdropper or an attacker, say Eve, can guess or derive plain texts by exploiting the predictability of outputs. Since RSA encryption is a public operation, an attacker can encrypt likely messages and compare results to a target cipher text - a trivial chosen plaintext attack.
Besides this, textbook RSA is also malleable. This means that its algebraic structure allows attackers to manipulate cipher texts in meaningful ways. For instance, given a cipher text , an attacker can multiply it by the encryption of a known value (say, ) to produce a new cipher text , which decrypts to the plaintext . When the legitimate receiver decrypts , the result is , from which the attacker can often recover .
Letâs understand these vulnerabilities with a small practical example.