What exactly is Return of Coppersmith Attack and how does it affect cryptographic security?


ROCA is a method for defeating public key infrastructure.

Public key encryption is most often used to sign data. The data is hashed using a public method (summarized in a fixed length, like a phone number). Then, a private key encrypts this hash into a “signature” only the private key holder could have made. The reciprocal public key lets other people decrypt the signature and compare the result with the hash of the “signed” data they can figure out on their own. If they’re the same, it’s mathematically impossible the private key holder didn’t “sign” the data.

The attack basically tries to find a pattern to deduce the private key. A poor forward encryption method that takes the data hash and private key can give hints. For example, if the hash is always just multiplied by 2 and the forward encryption function multiplies the hash by the private key, you know the private key is 2. It’s way more complicated irl but that’s the gist. Once they have the private key they can “sign” fake data maliciously, like making an e-transfer look legit.
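The sign-and-verify flow and the multiply-by-the-key analogy from the answer above, as an added example that is not part of the original post. The RSA key is a constructed textbook key with no padding, and `weak_sign` / `recover_key` are hypothetical names for a toy scheme that only mirrors the analogy; it is not the ROCA technique itself.

```python
import hashlib

# Constructed toy key: two well-known Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537                      # public key
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent

def digest(data: bytes) -> int:
    """Public hashing step: anyone can recompute this from the data."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def rsa_sign(data: bytes) -> int:
    """Private-key operation over the hash (textbook RSA, no padding)."""
    return pow(digest(data) % N, D, N)

def rsa_verify(data: bytes, sig: int) -> bool:
    """Public-key operation: undo the signature and compare with our own hash."""
    return pow(sig, E, N) == digest(data) % N

def weak_sign(data: bytes, key: int) -> int:
    """Hypothetical scheme from the analogy: signature = hash * private key."""
    return digest(data) * key

def recover_key(data: bytes, sig: int) -> int:
    """One public (data, signature) pair is enough to divide the key back out."""
    h = digest(data)
    if h == 0 or sig % h:
        raise ValueError("signature was not produced by weak_sign on this data")
    return sig // h

if __name__ == "__main__":
    msg, fake = b"pay alice 10", b"pay mallory 9999"   # constructed sample data
    sig = rsa_sign(msg)
    print("genuine verifies:", rsa_verify(msg, sig))
    print("altered data verifies:", rsa_verify(fake, sig))
    secret = 123456789                   # constructed private key for the weak scheme
    leaked = recover_key(msg, weak_sign(msg, secret))
    print("key recovered from one signature:", leaked == secret)
    print("forgery matches a real signature:",
          weak_sign(fake, leaked) == weak_sign(fake, secret))
```

With the RSA pair, a signature checks out only against the data it was made for; with the toy scheme, a single published signature gives away the key, after which signatures on any other data are indistinguishable from the real holder's.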