[147902] in cryptography@c2.net mail archive
Re: [Cryptography] Standard exponents in RSA
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Wed Oct 30 16:40:11 2013
X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <CADpjbE256cXLz_toJ-9P8Tw5agP-8UUuZFFsJYXVD81VMOOngw@mail.gmail.com>
Date: Wed, 30 Oct 2013 16:27:06 -0400
To: David Mercer <radix42@gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>,
=?iso-8859-1?Q?Hanno_B=F6ck?= <hanno@hboeck.de>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Oct 30, 2013, at 2:39 PM, David Mercer <radix42@gmail.com> wrote:
> I wonder if any performance obsessed fool has been spotted in the wild using an exponent of zero, which would be the RSA version of ROT-13, no?
Actually, that would be 1.
Exponent 0 is the equivalent of using the message itself as its own one-type-encryption pad. Martin Minow, many years ago, wrote this up with a completely straight face for an April 1 issue of some crypto journal. All sorts of nice analysis - such as that this was an ideal one-time-pad, as it added exactly as much randomness to each character of plaintext as there was information in that character. It also had the unique advantage that the output was highly compressible. (The article was published, and drew a bunch of letters from people who didn't check the date....)
-- Jerry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
