2

Suppose we have an RSA-Oracle that can encrypt and decrypt our input. The the decryption output is equal to: $ (C^d \mod N) \mod 2^n $.
How can I extend the LSB oracle attack, using the using knowledge about the last n-bits of the plaintext?

Jake
  • 33
  • 2
Jamal
  • 21
  • 1
  • 1
    If think the question assumes an RSA decryption oracle accepting $C$, giving $(C^d\bmod N)\bmod2^n$ for $n>1$; and the Q wants to optimize the number of queries to decipher one ciphertext compared to this question. Critic: In RSA, encryption is with the public key, and availability of an encrypting oracle follows (and needs not be an assumption as in the Q). – fgrieu Apr 04 '23 at 13:58
  • Again: the attack with $n=1$ is discussed there. Also, a never related question is there. But until it's clarified what the present question asks, I can't be quite sure one is a dupe of the other. – fgrieu Apr 05 '23 at 11:54

0 Answers0