Textbook RSA & Why It Is Insecure
Demonstrate malleability, small-exponent attacks, and e=3 vulnerabilities.
Welcome
Textbook RSA (raw modular exponentiation) has multiple critical vulnerabilities. In this lesson we explore each attack and understand why padding is not optional.
Determinism Attack
Textbook RSA is deterministic: Enc(M) always produces the same C. An attacker can encrypt candidate messages and compare with the target ciphertext. Breaks confidentiality of small message spaces.
All lessons in this course
- Textbook RSA & Why It Is Insecure
- PKCS#1 v1.5 Padding & Bleichenbacher
- OAEP: Optimal Asymmetric Encryption Padding
- RSA-PSS for Digital Signatures