4.10 COMMON MODULUS USE CASES

EXERCISE 4.10: COMMON MODULUS USE CASES

Write out an additional scenario when the use of the common modulus attack might be useful to an attacker.

---

Suppose Bob is a software developer. He has a software called XYZ. Suppose also XYZ is a cross platform software that runs on Windows and Android.

The backend of XYZ is at http://example.com.

Suppose that Bob has 2 pairs of RSA keys (private-key-1, public-key-1) and (private-key-2, public-key-2) stored on his server.

Suppose that public-key-1 is baked into the code of the XYZ software Windows version, and public-key-2 is baked into the code of the XYZ software Android version.

Suppose also that public-key-1 and public-key-2 have the same modulus but different encryption exponents.

Suppose that Alice is a user of software XYZ and has installed the software on her PC and phone. Suppose now Alice sends the same message (using HTTP POST method) to Bob on both her PC and phone and Eve intercepts both ciphertext messages.

Eve can then perform the Common Modulus Attack.