Abstract
We introduce a hypothetical situation in which low-exponent RSA is used to encrypt IP packets, TCP segments, or TCP segments carried in IP packets. In this scenario, we explore how the Coppersmith/Howgrave-Graham method can be used, in conjunction with the TCP and IP protocols, to decrypt specific packets when they get retransmitted (due to a denial-of-service attack on the receiver’s side). We draw conclusions on the applicability of the Coppersmith/Howgrave-Graham method, its interaction with “guessing”, and the difficulties of building a secure system by combining well-known building blocks.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Crouch, P.A., Davenport, J.H. (2001). Lattice Attacks on RSA-Encrypted IP and TCP. In: Honary, B. (eds) Cryptography and Coding. Cryptography and Coding 2001. Lecture Notes in Computer Science, vol 2260. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45325-3_29
DOI: https://doi.org/10.1007/3-540-45325-3_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43026-1
Online ISBN: 978-3-540-45325-3
eBook Packages: Springer Book Archive