I've been reading the closed-down thread about softmodding the 360, and I was intrigued by the digital signature system: reading stuff about a private key and a public key, to sign and decode the signature.
My question is simple... Would it be possible to extrapolate the private key?
Very simple example.
I don't know if the public key CAN BE found (and extracted) from the Xbox 360, but let's assume it can.
My program would simply say: Hello world
Would it be possible to randomly generate a key and check if this is a candidate private key?
Then my second program says: Hello world 2
Then would it be possible to randomly generate and check for candidate keys?
Then my third program would say: Hello world 3
Then would it be possible to randomly generate and check for candidate keys and, with those results, extrapolate the private key?
I think I understand that a public key only produces a mathematical result confirming the xex to be signed.
I think I don't understand anything about digital signatures; that must be why I don't get the difficulty.
On wiki it says:
In their foundational paper, Goldwasser, Micali, and Rivest lay out a hierarchy of attack models against digital signatures:
1. In a key-only attack, the attacker is only given the public verification key.
2. In a known message attack, the attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker.
3. In an adaptive chosen message attack, the attacker first learns signatures on arbitrary messages of the attacker's choice.
They also describe a hierarchy of attack results:
1. A total break results in the recovery of the signing key.
2. A universal forgery attack results in the ability to forge signatures for any message.
3. A selective forgery attack results in a signature on a message of the adversary's choice.
4. An existential forgery merely results in some valid message/signature pair not already known to the adversary.
The strongest notion of security, therefore, is security against existential forgery under an adaptive chosen message attack.
1: We have the public key or not?
2: We do have known messages. They are called Xex files. Not the right choice to launch them, but it's the 2nd step.
3: We have signatures on Xex's and we can launch them (this is where the example comes into play: getting the simplest of programs to run).
1a: Would be nice.
2a: What the hell, if not the private key, then just another key which produces the same results.
3a: This is what I think could be done in less than a thousand years of computation, and maybe even without a folding@home network.
4a: Someone can produce valid code for the processor, right? So we know what the adversary expects.
I agree I don't know anything. I'm not some mathematical genius. I love programming, but I couldn't even code a compression algorithm, let alone a deciphering algorithm for a private key. Nor do I have the understanding of how much time this takes without quantum computers.
This post has been edited by Chriss179: Dec 14 2010, 04:41 AM
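The two questions in the post above (can you guess candidate private keys by checking them against known signed programs, and does some "other key which produces the same results" exist) can be made concrete with a toy RSA signature scheme. The following is an added example, not code from the thread or from any Xbox 360 tooling; the 16-bit modulus, the primes 241 and 251 and the public exponent 17 are constructed toy values chosen so that the brute-force loops finish instantly. It implements both GMR attack settings quoted from Wikipedia: a known-message attack that tries every exponent against the three "Hello world" signatures (cost about 2^bits exponentiations), and a key-only attack that factors the public modulus and recomputes the exact private exponent (cost about 2^(bits/2) trial divisions, and it needs no signed messages at all). Either one is a total break for this toy; the last function shows why neither finishes for a real 2048-bit key.

```python
"""Toy RSA signatures (16-bit modulus) showing what 'guess a candidate private
key and check it against known signatures' actually costs.

Added example, not from the original thread. Nothing here is Xbox 360
specific; the primes and exponent below are assumed toy values."""
import hashlib
import math

# Constructed toy parameters: 241 * 251 = 60491, a 16-bit modulus.
P, Q, E = 241, 251, 17


def keygen(p, q, e):
    """Textbook RSA key generation: public (n, e), private exponent d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(n)")
    return (n, e), pow(e, -1, phi)        # Python 3.8+ modular inverse


def representative(message, n):
    """Hash-then-sign: reduce SHA-256(message) into Z_n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, n, d):
    return pow(representative(message, n), d, n)


def verify(message, sig, pub):
    n, e = pub
    return pow(sig, e, n) == representative(message, n)


def candidate_keys(pub, pairs):
    """Known-message attack, done the way the post proposes: try every
    exponent d' in [1, n) and keep those reproducing all known
    (message, signature) pairs. Cost: about n = 2^bits exponentiations."""
    n, _ = pub
    reps = [(representative(m, n), s) for m, s in pairs]
    h0, s0 = reps[0]
    found = []
    for d_cand in range(1, n):
        if pow(h0, d_cand, n) != s0:            # cheap filter on first pair
            continue
        if all(pow(h, d_cand, n) == s for h, s in reps):
            found.append(d_cand)
    return found


def recover_private_key(pub):
    """Key-only attack: factor n by trial division (about sqrt(n) = 2^(bits/2)
    divisions), then recompute d exactly as the key owner did. The signed
    messages are not used at all."""
    n, e = pub
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return pow(e, -1, (p - 1) * (q - 1))
    raise ValueError("n is not a product of two primes")


def brute_force_years(bits, guesses_per_second=10**12):
    """Years needed to enumerate 2^bits candidates at the given rate.
    Integer arithmetic on purpose: 2**2048 does not fit in a float."""
    return 2**bits // guesses_per_second // 31_557_600


if __name__ == "__main__":
    pub, d = keygen(P, Q, E)
    msgs = [b"Hello world", b"Hello world 2", b"Hello world 3"]
    pairs = [(m, sign(m, pub[0], d)) for m in msgs]
    assert all(verify(m, s, pub) for m, s in pairs)

    cands = candidate_keys(pub, pairs)
    print(f"exponents reproducing all 3 signatures: {cands} (true d = {d})")
    # Several d' survive: every d' congruent to d modulo lcm(p-1, q-1) is a
    # fully equivalent signing key; others may only match these three hashes.

    d_rec = recover_private_key(pub)
    forged = sign(b"Hello world 4", pub[0], d_rec)
    print("factoring recovered d:", d_rec == d,
          "| forged signature verifies:", verify(b"Hello world 4", forged, pub))

    for bits in (16, 64, 128, 2048):
        print(f"{bits:5}-bit key: {brute_force_years(bits)} years at 1e12 guesses/s")
```

Two things the toy makes visible. First, adding more signed programs (Hello world 2, 3, ...) never shrinks the search: each extra pair only removes false positives from the same 2^bits-sized candidate space, which is why the public key alone (the key-only setting) is already the whole problem, and factoring n is the real attack. Second, there genuinely are "other keys which produce the same results": any d' congruent to d modulo lcm(p-1, q-1) signs identically, so the attacker does not need the owner's exact d, but finding any of them is as hard as factoring. Doubling the modulus from 16 to 32 bits already turns a sub-second loop into ~2^16 times more work; at 2048 bits the year count printed last has about 600 digits, so the "less than a thousand years" hope does not survive the arithmetic.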