In this lab you will be implementing a timing attack on a simulated "smart card" RSA implementation in order to recover secret/private keys used in the decryption process. You will be implementing a chosen ciphertext attack (known ciphertext and known modulus) and will have access to the code that performs the decryption. You may work in groups of 2-3 people for this project. If you would like a unix group set up for your project members then please create and populate your group using the grouper tool.


The details

• Here is a link to the skeleton attack implementation code . You will be implementing the attack by inserting code into the function void dta(exp_t) in dta.c.
  

• Running make on a *nix system with the openssl library installed will give you the executable dta. Running ./dta -v -e exp.txt will run the program in verbose mode using the secret key value from exp.txt. You can investigate the code to see what the other command line options do. It may seem odd that we are giving you secret keys, since that is what you are supposed to be finding. However, these are for testing; you use the input files to provide a sample private key for the decryption process, then see if your code can successfully recover it. We provide three input files: exp.txt, exp2.txt, and exp3.txt. What you turn in to us will be the code implementing your attack, allowing us to grade it's performance against any number of secret exponent keys, up to 1024 bits long.

• The simulated RSA implementation is located in model.c (look at functions modexp, modexp_z, and modmult). 

• Your implementation needs to recover secret exponents up to 1024 bits long in under 10 minutes. (We will terminate your program at 10 minutes.)

• You can use any of the provided functions -- or not, as you choose -- but you will be turning in dta.c and it must compile with our code on attu.cs.washington.edu. (I.e. all your changed code must be in dta.c.