Author

Topic: Basic encryption questions (Read 783 times)

sr. member
Activity: 249
Merit: 251
October 04, 2012, 09:16:59 AM
#6
ECDSA cannot be used to encrypt a message, unlike RSA it is only a digital signature algorithm.

I forgot about that. Thank you for reminding me. I should have said ECC.

However, if it is a protocol that makes you check every message to see if it's meant for you, then no, they could not (at least, I don't believe so, but I suppose it is possible that some of the public key encryption schemes could allow you to tell whether or not a message is intended for a certain public key, I am not totally sure on this one).

Ultimately this is the heart of my question. Thank you for your answers!
hero member
Activity: 798
Merit: 1000
October 04, 2012, 02:45:20 AM
#5
If I encode a message with an RSA public key and then transmit it over a completely insecure network, is it possible for an attacker to see that the receiver (known by the public key) received a message?

Is the answer different for ECDSA? Is it different for other public key algorithms?

ECDSA cannot be used to encrypt a message, unlike RSA it is only a digital signature algorithm. Assuming the messaging protocol provides the information of who the message recipient is, then yes they could tell that someone received a message. However, if it is a protocol that makes you check every message to see if it's meant for you, then no, they could not (at least, I don't believe so, but I suppose it is possible that some of the public key encryption schemes could allow you to tell whether or not a message is intended for a certain public key, I am not totally sure on this one).

It is a problem because it would reveal the public key of the recipient to the public which would reveal that the receiver received a message.

Public key cryptography is not intended to address this.
legendary
Activity: 3472
Merit: 4801
October 03, 2012, 09:10:12 PM
#4
Is it possible for an attacker to see that the receiver received a message if the attacker knows the target's public key?
Yes. As a matter of fact it is possible for an attacker to see that the receiver received a message even if the attacker DOESN'T know the target's public key.

Can the NSA tell that Bob received a message if the NSA knows Bob's public key?
As I mentioned, they don't need Bob's public key to know this.

The NSA currently has no reason to harass Alice but if she is sending messages to Bob, they will.
Fortunately, if they are only running exit nodes (and if Alice is careful to not leak her identity), they won't know that the message came from Alice.  They will only know that Bob received a message, but not who it came from.

It is a problem because it would reveal the public key of the recipient to the public which would reveal that the receiver received a message.
It is a public key.  it is already "revealed to the public". That's why it is called a "public" key.  Having the public key isn't necessary to know that someone received a message if the message is sent to them.
sr. member
Activity: 249
Merit: 251
October 03, 2012, 04:29:43 PM
#3
Yes. That's the whole point of using encryption in the first place: for those situations where you know (or at least suspect) that an eavesdropper will see all your messages, but you want the eavesdropper to be unable to determine the content of the messages that they see.

Yes, I do understand that. But I'm not asking about the content of the message. Given only the one message, is it possible for an attacker to see that the receiver received a message if the attacker knows the target's public key?

For example, suppose that the NSA runs every single one of Tor's exit nodes but no other nodes. They can see all exit traffic and only exit traffic. Suppose that Alice sends Bob an RSA encrypted message through an exit node. Can the NSA tell that Bob received a message if the NSA knows Bob's public key? The NSA currently has no reason to harass Alice but if she is sending messages to Bob, they will.

Next question:
I remember reading something about ECC having a property where one could extract the public key from some other piece of information efficiently and that Satoshi wasn't aware of this property. Could someone remind me of this property?
I have no idea what you're talking about. Wait - extract the public key efficiently? How is that even a problem?

It is a problem because it would reveal the public key of the recipient to the public which would reveal that the receiver received a message.
legendary
Activity: 4536
Merit: 3188
Vile Vixen and Miss Bitcointalk 2021-2023
October 02, 2012, 03:22:01 PM
#2
If I encode a message with an RSA public key and then transmit it over a completely insecure network, is it possible for an attacker to see that the receiver (known by the public key) received a message?
Yes. That's the whole point of using encryption in the first place: for those situations where you know (or at least suspect) that an eavesdropper will see all your messages, but you want the eavesdropper to be unable to determine the content of the messages that they see. If you need to prevent an attacker from knowing a message was sent at all, encryption won't help; you need to use other techniques to hide your messages, such as steganography.

Is the answer different for ECDSA? Is it different for other public key algorithms?
No, as that's not what encryption does or is supposed to do.

Next question:
I remember reading something about ECC having a property where one could extract the public key from some other piece of information efficiently and that Satoshi wasn't aware of this property. Could someone remind me of this property?
I have no idea what you're talking about. Wait - extract the public key efficiently? How is that even a problem?
sr. member
Activity: 249
Merit: 251
October 02, 2012, 11:43:03 AM
#1
If I encode a message with an RSA public key and then transmit it over a completely insecure network, is it possible for an attacker to see that the receiver (known by the public key) received a message?

Is the answer different for ECDSA ECC? Is it different for other public key algorithms?


Next question:
I remember reading something about ECC having a property where one could extract the public key from some other piece of information efficiently and that Satoshi wasn't aware of this property. Could someone remind me of this property?

Thank You!

EDIT: I should have said ECC, not ECDSA.
Jump to: