Nice Coder 366 Report post Posted December 2, 2004 Ok, i've been doing a little (lot) of thinking lately. This is what i've been thinking about. C_{i}^D mod n = M_{i} C_{i}^D = M_{i} + X_{i}N D = log(M_{i} + x_{i}N) / log(c_{i}) Now we have multiple i, multiple c, and multiple m. There are also multiple unknowns (x's) and one static unknown (d). It should be possible to recover d using that information. We also know e, and that DE is divisible by (p-1)(q-1) So, D should be divisible by ((p-1)(q-1)) / E and that C_{i}^D is equal to N mod N. For ALL C There is a relationship. its just hard to find. Ok, thought. Find two c's so that log(c_{i}) is = 2(log(c_{j})) That then means that the log of M_{j} + x_{j}N must half the value log m_{i} + x_{i}N. Are these ok, interesting, or have i gone insane [grin]? From, Nice coder [Edited by - Nice Coder on December 2, 2004 5:31:48 AM] 0 Share this post Link to post Share on other sites
Winograd 380 Report post Posted December 2, 2004 Quote:Original post by Nice CoderFind two c's so that log(c_{i}) is = 2(log(c_{j}))That then means that the log of M_{j} + x_{j}N must half the value log m_{i} + x_{i}M + xNn.log(c_{i})=2*log(c_{j})==> c_{i}=c_{j}^2 0 Share this post Link to post Share on other sites
Nice Coder 366 Report post Posted December 2, 2004 Winograd:Thanks for that.Does that mean that mj + xjn is the sqr of mi + xin (lousy typos...)From,Nice coder 0 Share this post Link to post Share on other sites
Winograd 380 Report post Posted December 2, 2004 If c_{i}=m_{i} + x_{i}N and c_{j}=m_{j }+ x_{j}N, then yes. 0 Share this post Link to post Share on other sites
etothex 728 Report post Posted December 2, 2004 I just read this over quickly, because I'm in a hurry, but it seems what you did was reduce the problem down to a log function.The problem is now, you have to calculate the log of that mercilessly giant number :) Which means that you've substituted one nearly impossible problem for another.Granted, that's the way mathematics works. Gotta keep trying new stuff. 0 Share this post Link to post Share on other sites
Nice Coder 366 Report post Posted December 2, 2004 Ok. (ther post got eaten... GRRR)How exactly are logorithms calculated? What is the fastest way?log(Mi + xiN) / log(ci) = log(Mj + yjN) / log(cj)Ok, so (Log(mi + xi) + log(n)) / log(ci) = (log(mj + yj) + log(n)) / log(cj)So nowlog(mi + xi) / log(ci) + log(n) / log(ci) = log(mj + yj) / log(cj) + log(n) / log(cj)Ok ,lets do a few thingsfirstA = log(n) / log(ci) andB = log(n) / log(cj)Both a and b are known. (because we have the c's and n).So nowLog(mi + xi) / log(ci) + A = log(mj + yj) / log(cj) + Bok, we have two unknown (x & y) in this. But they are ralated.ok, this is for two numbers, ci and cj. we can make as many numbers as wer need to.Now, this problem is getting simpler and harder (from my pov).X & y have been taken away form n.(simpler for bruteforcing), but its harder (lots of logs AHHH! I need to know more about them...).How could i seperate log(mi + xi)?Edit:Ok, logs are good, logs are great.When log(z) goes up 1, z gets 10For eg. the log of a 64 bit number is about 44. and log(2^80) is 55. so, it should be simple to work these out. (i don't know about the log of 2^1024 tho...)The log of 2^512 is only about 354. so [grin].Perhaps a guess, check and refine method would work?Guess some x, form that, use the equasion to find y. if y isn't an integer, find another x.if it is,Calculate C^D (Value of either side of equasion)Z = C^D - M (for message/cyphertext combo)Z = Z / NYou then use that Z for another X. Keep working until you've found an answer that works.Is this method pretty good?How can it be improved?From,Nice coder[Edited by - Nice Coder on December 2, 2004 11:19:39 PM] 0 Share this post Link to post Share on other sites
jperalta 356 Report post Posted December 3, 2004 Are you attacking RSA (integer factorization) or the discrete logarithm problem? 0 Share this post Link to post Share on other sites
Charles B 863 Report post Posted December 3, 2004 As far as I remember, both problems (RSA reversing and discrete log) are equivalently hard, as already stated. 0 Share this post Link to post Share on other sites
etothex 728 Report post Posted December 3, 2004 Quote:Original post by Charles BAs far as I remember, both problems (RSA reversing and discrete log) are equivalently hard, as already stated.Now, don't quote me on this, but the discrete log is an even harder problem than rsa reversal. That's why ElGamal and the newer discrete log algorithms work well. 0 Share this post Link to post Share on other sites
Nice Coder 366 Report post Posted December 3, 2004 I'm trying to reverse rsa to get the message out of a given cyphertext. (for when you can't just go an do a table lookup of the values, ie. when there encrypting 64 or 128 bits at once.)Ok, i seem to get what the descrete logorithm is, but i don't see how it effects this. What i readOk.Log(mi + xi) / log(ci) + A = log(mj + yj) / log(cj) + BSo, if i have x, and i want y, how would i go about it?i know log(mi + xi) and log(ci) and A.As well as log(cj) and bSo, would yj = 10^((D - b) * log(cj)) - mjbw ok?Where D is the value of the rhs (once we guessed xi). (which is D, the decryption key.)?So, for any x, we can find the decryption key, by finding some integer value of yj, for all j.I think...From,Nice coder 0 Share this post Link to post Share on other sites
Nice Coder 366 Report post Posted December 3, 2004 Quote:Original post by jperaltaAre you attacking RSA (integer factorization) or the discrete logarithm problem?I'm attacking RSA, in a different way. I'm not going to factorize N to get PQ, to get d, i'm going to use N, E and some Cyphertext/plaintext combos that are made using e, to get d, to decrypt the message!. (and if i happen to stumble across one of the numbers in the cyphertext i'm tring to decryrpt, so much the better!).Thinking:From my Descreet Log thread. (which is only moy post of ideas... :(D = log(a + n) / log(x)Where X^Y mod n = aThis works if (i'm not sure yet... i need to know more maths) log(a + z) and log(x) are integers.I'm not sure what i can do if only log(a + n) is an integer, or log(x) is an integer.Now once this works,We haveD = log(a + n) / log(x) = log(b + n) / log(y)Where x & y are the cyphertext, n is the modulus, aand a & b are two cyphertexts.Now, we find two x & y's so thatlog(x) = 10 &log(y) = 100D = log(a + n) / 10 = log(b + n) / 100log(a + n) = log(b + n) / 10log(a + n) = log(b + n - 1)I'm not sure of these tho.[grin]From,Nice coder[Edited by - Nice Coder on December 4, 2004 12:24:24 AM] 0 Share this post Link to post Share on other sites