Alice wants to share a symmetric key with Bob. She encrypts the small (64-bit) secret key $K$ with Bob’s public RSA key $(n,e)$ by padding it with zeroes to 2048 bits (the length of n) and computing $$C\gets(\text{0..0}\|K)^e\bmod n$$ Thereupon, she sends $C$ to Bob. Discuss either why this key exchange is secure or describe an efficient attack that can recover $K$ with far less than $2^{64}$ operations.
Asked
Active
Viewed 124 times
