Yao and Dolev in~t show that PKC protocols which are secure against a passive eavesdropper, are insecure even in presence of saboteurs; users whose behavior is restricted to applying certain well defined operators to the binary strings they exchange.We discuss two weaknesses of the PKC model in presence of arbitrary behavior on the part of users and cvphertext attacks. 1.2 The Insecurity of the PKC Model
The Diffie and Hellman modelLet M be a finite message space, and A, B.. users in the network. Every user, C, publicizes an encryption function Ec:M~M in a public file and keeps secret a decryption function Dc such that Dc(Ec(m»=M for m EM. E c is a trapdoor function; easy to evaluate, but hard to invert unless some secret is known. The secret is C's private information. When user B wants to send a message m EM to C, he sends Ec(m). All users in the system send -messages to C using E c .This model is by definition secure against a passive eavesdropper; an adversary who knows the encryption algorithm, can read and store th.e cyphertext by tapping the lines, and whose objective is to get the cleartext. However, their model is not as secure against more sophisticated eavesdroppers such as 1) Users adversarys who can read, store, and send encrypted messages. They have publicized a legal encryption algorithm in the public file, and thus we must assume that they are always capable of sending and receiving messages from all other users in the system. They may also try to impersonate other users.2) Chosen Cyphertext Attacks adversarys who can read and store messages, and have use of the decoding equipment. Thus, they can produce polynomial number of chosen cyphertext pairs of ( cyphertext, cleartext ).
Introducti.onDiffie and I-Iellman introduced in~the model of a Public Key Cryptosystern for solving the following problem in a communication network::"Establishing A private conversation, between two individuals regardless of whether they have ever conlffiunicated before. "Is] Briefly, we describe the:ir model,
AbstractThe Diffie and Hellman model of a Public Key Cryplosystem has received much attention as a way to provide secure network communication.In this paper, we show that the original Diffie and Hellman model does not guarantee security against other users in the system. It. is shown how users, which are more powerful adversarys than the traditionally considered passive eavesdroppers, can decrypt other users messages, in implementations of Public Key Cryptosystem using the RSA function, the Rabin function and the Goldwasser&Micali scheme.This weakness depends on the bit security of the encryption function. For the RSA( Rabin) function we show that computing, from the cyphertext, specific bits of the cleartext, is polynomially equivalent to inverting the function( factoring ). As for many message spaces, this bit can be easily found out by communicating, the system is insecure.We present a modification of the Diffie and Hellman model of a Public-Key Cryptosystem, and one concrete implementation of the modified model. ...
