
Re: RSA != RSA?



Basically there are multiple decryption keys, d, that are valid for
any particular encryption key, e, mod N.  I believe the lcm(p-1,q-1)
will necessarily force you to generate one of the multiple d keys.

-derek

Henry Spencer <henry@spsystems.net> writes:

> An addendum...  I wrote:
> > I assume, without immediately being able to prove it, that either version
> > of the decryption key will actually work...
> 
> Sandy Harris of our team promptly came up with a proof.  So the added lcm
> is, presumably, an optimization.
> 
> I'd still be curious to know how this came about, if anybody knows. 
> 
> And this is an interoperability booby-trap that ought to be noted
> somewhere.  It's a limited one, since it involves the private key, which
> isn't traded around a lot... but we ran into it in exactly that way, an
> interoperability failure.  Preferably it should get explicit mention; at
> the very least, the IPsec RFCs should reference PKCS#1 as well as the
> original paper. 
> 
>                                                           Henry Spencer
>                                                        henry@spsystems.net
> 
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
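The point in the thread above, as an added worked example (this is not code from the original thread or from any of the posters): for a fixed e, every d with e*d == 1 (mod lcm(p-1, q-1)) decrypts correctly, so the textbook d = e^-1 mod (p-1)(q-1) and the PKCS#1 d = e^-1 mod lcm(p-1, q-1) are both valid and usually differ. The interoperability trap is an implementation that validates a private key with e*d == 1 (mod (p-1)(q-1)), which rejects a perfectly good lcm-derived d. The primes, e, and messages are constructed toy values; Python 3.8+ is assumed for pow(e, -1, m).

```python
"""RSA != RSA: the private exponent d is not unique.

Added example, not part of the original thread.  Primes and messages are
small constructed values for illustration; real keys use ~1024-bit primes.
"""
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def rsa_exponents(p, q, e=65537):
    """Return (n, phi, lam, d_phi, d_lam) for primes p, q and public exponent e.

    d_phi = e^-1 mod (p-1)(q-1)     -- the textbook / original-paper d
    d_lam = e^-1 mod lcm(p-1, q-1)  -- the PKCS#1 d (Carmichael lambda(n))
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    lam = lcm(p - 1, q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d_phi = pow(e, -1, phi)
    d_lam = pow(e, -1, lam)
    return n, phi, lam, d_phi, d_lam


def is_valid_private_exponent(e, d, p, q):
    """The correct check: e*d == 1 (mod lcm(p-1, q-1)).

    Any such d gives m^(e*d) == m (mod n) for every m (Fermat + CRT),
    so it decrypts and signs correctly."""
    return (e * d) % lcm(p - 1, q - 1) == 1


def textbook_check(e, d, p, q):
    """The too-strict check: e*d == 1 (mod (p-1)(q-1)).

    Sufficient but not necessary: it rejects the smaller lcm-derived d
    whenever gcd(p-1, q-1) > 1, which is always (both are even)."""
    return (e * d) % ((p - 1) * (q - 1)) == 1


def all_private_exponents(p, q, e=65537):
    """Every d in [1, phi) that works with e: d_lam + k*lam, k = 0..phi/lam-1."""
    _, phi, lam, _, d_lam = rsa_exponents(p, q, e)
    return [d_lam + k * lam for k in range(phi // lam)]


def round_trips(n, e, d, messages):
    """True if every message survives encrypt-then-decrypt under this d."""
    return all(pow(pow(m, e, n), d, n) == m for m in messages)


if __name__ == "__main__":
    p, q, e = 10007, 10009, 65537          # constructed: small twin primes
    n, phi, lam, d_phi, d_lam = rsa_exponents(p, q, e)
    msgs = [2, 12345, 99999999, n - 1]     # constructed sample plaintexts
    print(f"phi={phi} lam={lam} phi/lam={phi // lam}")
    print(f"d_phi={d_phi} d_lam={d_lam} equal? {d_phi == d_lam}")
    print("d_phi decrypts:", round_trips(n, e, d_phi, msgs))
    print("d_lam decrypts:", round_trips(n, e, d_lam, msgs))
    for d in all_private_exponents(p, q, e):
        print(f"d={d}: lcm check={is_valid_private_exponent(e, d, p, q)}"
              f" textbook check={textbook_check(e, d, p, q)}")
```

With p=7, q=11, e=7 the two exponents are d_phi=43 and d_lam=13 and both round-trip; with the larger pair, phi/lam is 2 (gcd(p-1, q-1) = 2), so exactly two valid d exist below phi, the textbook check accepts only one of them, and the lcm check accepts both. A key-loading routine that wants to reject garbage without rejecting a peer's PKCS#1 key should use the lcm form.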
