• pycrypto 2.6.1

you can install this libray by

pip install pycrypto

Goal: Implement the textbook RSA algorithm (without any padding)

The code for this part is mainly in rsa.py and it is able to:

• Generate a random RSA key pair with a given key size (e.g., 1024bit) ✅
• Encrypt a plaintext with the public key ✅
• Decrypt a ciphertext with the private key ✅

Goal: Perform a CCA2 attack on textbook RSA. The attak is to gradually reveal information about an encrypted message, or about the decryption key iteself.

In this attack, the server knows RSA key pair and AES key. The adversary knows RSA public key, RSA-encrypted AES key and an AES-encrypted WUP request. More detail can be found on this paper.

The code for this part is mainly in client_server.py and attacker.py. They are able to:

• Simulate the server-client communication. ✅
• Generate history message and they are guaranteed to include RSA-encrypted AES key and an AES-encrypted request. ✅
• Present the attack process to obtain the AES key and further decrypt the encrypted request. ✅

Goal: defend the attack by implementing a RSA-OAEP algorithm.

The code for this part is mainly in utils.py. It is able to add the OAEP padding module to the textbook RSA implementation.

• add the OAEP padding module to the textbook RSA implementation ✅
• give a discussion on the advantages of RSA-OAEP compared to the textbook RSA ✅
• As a bonus, you can futher try to present CCA2 attack to RSA-OAEP to see whether it can thwart the CCA2 attack you have implemented in part 2 ✅

Feel free to run:

python main.py

to see all of the required results.