alice vs bob
TRANSCRIPT
2
VS.
2
Alice
Bob
Never sign random documents and when signing
never sign the document itself sign a cryptographic hash of the document
3
Round Ⅰ
Alice wants to trick Bob into signing a message m
She computes m1 and m2 such that…
(m1 × m2) mod nBob = m
She has Bob sign m1 and m2
Alice then multiplies the two signatures together and reduces mod nBob, and she has Bob's signature on m
4
nAlice = 95, eAlice = 59, dAlice = 11
nBob = 77, eBob = 53, dBob = 17
She asks Bob to sign m1 = 5
{ m1 }dBob = m1dBob mod nBob = 5 17 mod 77 = 3
Then she asks Bob to sign m2 = 17
{ m2 }dBob = m2dBob mod nBob = 17 17 mod 77 = 19
5
Alice now computes…
m = (m1 × m2) mod nBob = (5 × 17) mod 77 = 8
And…
{ m }dBob = ({ m1 }dBob × { m2 }dBob) mod nBob =
(3 × 19) mod 77 = 57
Cathy is called and she computes…
{ { m }dBob }eBob = ({ m }dBob )eBob mod nBob =
57 53 mod 77 = 8
6
7
1-0
77
Messages that are both enciphered and signed should be signed first,
then enciphered
8
Round Ⅱ
Alice sends Bob her signature on a confidential contract m
c = (meBob mod nBob)dAlice mod nAlice
Bob wants to claim that Alice sent him the contract M
He computes a number r such that…
Mr mod nBob = m
Bob then republishes his public key as…
(reBob , nBob)
!
9
Alice agree to sign the contract 6. She first enciphers it, then signs it:
(653 mod 77)11 mod 95 = 63
Bob, however, want the contract to be 13
He computes an r such that…
13r mod 77 = 6 ➝ r = 59
10
!
He then computes a new public key…
(r × eBob) mod φ(nBob) = (59 x 53) mod 60 = 7
He replaces his current public key with (7, 77) and resets his private key to 43
nBob = 77, eBob = 7, dBob = 43
He now claims that Alice sent him contract 13
Cathy takes the message 63 and deciphers it…
(6359 mod 95)43 mod 77 = 13
11
121212
1-1