Vulnerabilities
Let:
M - plaintext message
N = p*q = prime number 1 * prime number 2
When encrypting with a low encryption exponent (e.g. e = 3) and small values of
M (i.e. M < N^(1/e)), the result of M^e is strictly less than the modulus N. In this case,
ciphertexts can be easily decrypted by taking the e-th root of the ciphertext over the
integers.
Because RSA encryption is a deterministic encryption algorithm (i.e., has no random
component), an attacker can successfully launch a chosen plaintext attack against the
cryptosystem by encrypting likely plaintexts under the public key and testing whether they
are equal to the ciphertext. A cryptosystem is called semantically secure if an attacker
cannot distinguish two encryptions from each other even if the attacker knows (or has
chosen) the corresponding plaintexts. As described above, RSA without padding is not
semantically secure.
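The two weaknesses above (small M with e = 3, and deterministic encryption), shown next to a randomized-padding variant that removes both. This is an added example, not code from the original page. Assumptions: the demo modulus is built from two well-known special-form primes, and the padding is a PKCS#1 v1.5-style layout used as a simple stand-in for OAEP; all function names and sample messages are constructed.

```python
import secrets

# Constructed demo key: two well-known special-form primes (the Ed448 and
# P-384 field primes), chosen only so the block runs offline. Not a real key.
P = 2**448 - 2**224 - 1
Q = 2**384 - 2**128 - 2**96 + 2**32 - 1
N, E = P * Q, 3
K = (N.bit_length() + 7) // 8              # modulus length in bytes

def iroot(x: int, k: int) -> int:
    """Largest integer r with r**k <= x (exact binary search)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid**k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo

def textbook_encrypt(msg: bytes) -> int:
    """Unpadded RSA: C = M^e mod N, deterministic."""
    return pow(int.from_bytes(msg, "big"), E, N)

def padded_encrypt(msg: bytes) -> int:
    """Encrypt 00 02 || nonzero random bytes || 00 || msg (illustrative padding)."""
    pad_len = K - 3 - len(msg)
    if pad_len < 8:
        raise ValueError("message too long for this modulus")
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(pad_len))
    em = b"\x00\x02" + pad + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), E, N)

def root_recover(c: int):
    """Return M if C is an exact e-th power over the integers (M^e < N), else None."""
    r = iroot(c, E)
    return r.to_bytes((r.bit_length() + 7) // 8, "big") if r**E == c else None

def guess_recover(c: int, candidates):
    """Re-encrypt likely plaintexts under the public key and compare with C."""
    return next((m for m in candidates if textbook_encrypt(m) == c), None)

if __name__ == "__main__":
    likely = [b"APPROVE", b"DENY", b"HOLD"]        # constructed sample messages
    weak, strong = textbook_encrypt(b"DENY"), padded_encrypt(b"DENY")
    print("textbook:", root_recover(weak), guess_recover(weak, likely))
    print("padded:  ", root_recover(strong), guess_recover(strong, likely))
```

With padding, the encoded message fills the modulus, so M^e wraps past N, and two encryptions of the same message differ. In practice use a library's RSA-OAEP instead of hand-built padding.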
Wiener’s attack:
Uses the continued fraction method to exploit a mistake made in the use of RSA.
This error could be exploited when users are doing transactions using credit
cards or mobile devices such as phones. The public-key cryptosystem RSA is frequently
used for security applications such as email, credit card payments,
network login access and so on.