有没有一种方法可以改变公钥,使得在进行一些修改后仍然可以使用私钥来解密?

发布于 2024-08-23 02:02:21 字数 304 浏览 14 评论 0原文

在非对称加密方案中,我想知道是否可以实现以下目标:

  1. 鲍勃将他的公钥发送给爱丽丝
  2. 爱丽丝更改鲍勃的公钥并用它加密一些文档
  3. 爱丽丝将加密的文档发送给鲍勃鲍勃
  4. 检索文档但不能用他的私钥解密
  5. 随后,Alice 向 Bob 发送一些附加信息(可能与她用来更改 Bob 公钥的方法有关),
  6. Bob 使用这些附加信息修改他的私钥并成功解密该文档

有人吗?

我假设使用 RSA 来生成密钥、加密和解密,但如果使用其他方案更容易,请随时发表评论。

In an asymetric encryption scheme, I was wondering if it's possible to achieve the following:

  1. Bob sends to Alice his public key
  2. Alice alters Bob's public key and encrypt some document with it
  3. Alice sends the encrypted document to Bob
  4. Bob retrieve the document but can't decrypt it with his private key
  5. Later, Alice sends some additional information (probably related to the method she used to alter Bob's public key) to Bob
  6. Bob uses this additional information to modify his private key and successfully decrypt the document

Anyone?

I am assuming RSA for the keys generation, encryption and decryption but if it's easier to do with another scheme feel free to comment.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

無處可尋 2024-08-30 02:02:21

(我假设您谈论的是 RSA。)

是的,有可能,但不是 100%

公钥是私钥的一部分。它包含密钥的模数和指数。

您可以完全忘记更改模数,因为您必须生成一个新的 rsa 密钥对,这与我们试图解决的问题相同。

但可以改变指数。您可以选择 1 和您的指数之间的任何(素数)数字作为新指数,并希望它与 totient 互质。如果不知道目标,就不可能始终选择正确的指数。要找出目标,您必须知道密钥的主要因素,这意味着您必须打破密钥(玩得开心!)。

因此,实际上不可能有一个 100% 的工作方法来做到这一点,至少在只知道公钥的情况下是不可能的。

如果您需要有关理论的更多信息,请查看此处

(I assume you talk about RSA.)

Yes it is possible, but not 100%.

The public key is a part of the private key. It contains the modulus and the exponent of the key.

You can completely forget changing the modulus, because you would have to generate a new rsa keypair, which is the same problem as the one we are trying to solve.

But it is possible to change the exponent. You can select any (prime) number between 1 and your exponent as the new exponent and hope that it is coprime with the totient. Without knowing the totient it's impossible to select always a correct exponent. To find out the totient you would have to know the prime factors of the key, which means that you would have to break the key (have fun!).

So, it's actually impossible to have a 100% percent working method to do that, at least not while knowing only the public key.

If you need more information about the theory check here

救赎№ 2024-08-30 02:02:21

我希望我的想法能够奏效。

让我们假设 (e,d,n) 是 RSA 公共指数的元组。 RSA 私有指数和 RSA 模数 n

选择一个 1 到 256 位整数之间的质数,例如 p

加密消息m,请将新的公共指数计算为e*p,将密文计算为:

c= m^{e *p} mod n

为了解密,接收者应该知道素数p,所以你稍后将这个p发送给他,他用这个计算

(1)P = p^{-1} mod phi(n)

(2) m^e=c^{P} mod n

最后

m=(m^ e)^d mod n。这是因为接收方知道 phi(n)。

顺便问一下,我们可以在哪里使用这个?您对此有何想法?

I hope my idea works.

Let us assume that (e,d,n) is a tuple of the RSA public exponent. The RSA private exponent and the RSA modulus n :

Select a prime number, say p, between 1 and a 256 bit integer.

To encrypt a message m, compute the new public exponent as e*p and the ciphertext as:

c= m^{e*p} mod n.

To decrypt, the receiver should know the prime p, so you send this p later to him, with this he computes

(1) P = p^{-1} mod phi(n)

and

(2) m^e=c^{P} mod n

and

finally m=(m^e)^d mod n. This works as the receiver knows phi(n).

By the way, where can we use this? Is there any application you have in mind for this?

烟凡古楼 2024-08-30 02:02:21

正如 Silky 在他的回答中暗示的那样,RSA 通常用于加密文档的方式是与对称算法(如 AES)结合使用。为 AES 算法生成安全随机密钥,使用该 AES 密钥对文档进行加密,并且使用接收者的公钥对 AES 密钥进行加密。这两部分均提供给接收者。

您可以根据自己的情况进行调整,只需在第一步中仅发送使用 AES 密钥加密的文档,并在第二步之前保留使用收件人的公钥加密的 AES 密钥。第一部分将按照原始文件大小的顺序,第二部分将是一个小的、恒定的大小(按照 RSA 密钥大小的顺序)。

As silky implies in his answer, the way in which RSA is usually used to encrypt a document is in combination with a symmetric algorithm, like AES. A secure random key is generated for the AES algorithm, the documented is encrypted with that AES key, and the AES key is encrypted with the recipient's public key. Both parts are supplied to the recipient.

You can adapt this to your situation simply by sending only the document encrypted with the AES key in the first step, and withholding the AES key encrypted with the recipient's public key until the second step. The first part will be on the order of the original file size, and the second part will be a small, constant size (on the order of the RSA key size).

小矜持 2024-08-30 02:02:21

嗯,有趣。

我认为您指的是 RSA

仅供参考,RSA 实际上并不用于加密文档。它用于交换密钥(对称算法的密钥,如 AES)。

所以你真正谈论的是一种改变键的方法。

从技术上(数学上)来说,如果你输入不同的数字,你会得到不同的数字。所以这不是问题;以某种方式更改公钥(假设您说服 RSA 实现使用它,或者准备一个适当不同的数字)会产生不同的对称密钥,从而导致 Bob 无法解密文档(因为他会期望不同的密钥)。

但说实话,我不太确定你关心这个。这是一件相当无用的事情。 也许,但是,您实际上对密钥分割感兴趣(或维基百科似乎称之为“秘密共享”)。

HTH。我绝不是专家。

Hmm, interesting.

You're referring to RSA, I assume?

FYI, RSA isn't actually used to encrypt documents. It's used to exchange keys (keys for a symmetric algorithm, like AES).

So what you're really talking about is an approach that changes the keys.

Technically (mathmatically) if you put a different number in, you'll get a different number out. So that's not an issue; changing the public key in some fashion will (assuming you convince your RSA implementation to use it, or prepare an appropriately different number) result in a different symmetric key, thus an undecryptable document by Bob (because he'll expect a different key).

Really, though, I'm not so sure you care about this. It's a fairly useless thing to do. Perhaps, however, you're actually interested in Key Splitting (or "Secret Sharing" as wikipedia seems to call it).

HTH. I'm by no means an expert.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文