a question RE: PKCS1 known cyphertext attack


Joshua Hill (jehill@nexis.org)
Tue, 30 Jun 1998 13:24:26 -0700


I'll use the same terminology used in the RSA Laboratories'
Bulletin, as that is the most technical description I've
found.

In the selection of r_i (r sub i), the bulletin says that
`The opponent chooses the values of r_i in an adaptive way.
In particular, the opponent may try to optimize the probability
of getting "good" ciphertexts by choosing r_i in a way that's
dependent on previous "good" ciphertexts.`

How is this adaptive attack performed? (What relationship gives a
good chance of the new r_i also being a "good" guess?)

Also, it mentions that you can infer bits from 'm' using these
"good" guesses. How is this done? Is there any literature
on attacks like this?

                                Thanks,
                                Josh

-- 
-----------------------------Joshua E. Hill-----------------------------
|                           Same old story,                            |
|                           not much to say;                           |
|                    hearts are broken every day.                      |
|                               --Jewel                                |
------------------------jehill@w6bhz.calpoly.edu------------------------



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:16 ADT