Why and how to establish a private code on a public network

TLDR: It is shown how users, which are more powerful adversarys than the traditionally considered passive eavesdroppers, can decrypt other users messages, in implementations of Public Key Cryptosystem using the RSA function, the Rabin function and the Goldwasser&Micali scheme.

Abstract: The Diffie and Hellman model of a Public Key Cryptosystem has received much attention as a way to provide secure network communication. In this paper, we show that the original Diffie and Hellman model does not guarantee security against other users in the system. It is shown how users, which are more powerful adversarys than the traditionally considered passive eavesdroppers, can decrypt other users messages, in implementations of Public Key Cryptosystem using the RSA function, the Rabin function and the Goldwasser&Micali scheme. This weakness depends on the bit security of the encryption function. For the RSA (Rabin) function we show that computing, from the cyphertext, specific bits of the cleartext, is polynomially equivalent to inverting the function (factoring). As for many message spaces, this bit can be easily found out by communicating, the system is insecure. We present a modification of the Diffie and Hellman model of a Public-Key Cryptosystem, and one concrete implementation of the modified model. For this implementation, the difficulty of extracting partial information about clear text messages from their encoding, by eavesdroppers, users or by Chosen Cyphertext Attacks is proved equivalent to the computational difficulty of factoring. Such equivalence proof holds in a very strong probabilistic sense and for any message space. No additional assumptions, such as the existence of a perfect signature scheme, or a trusted authentication center, are made.