Having Fun With Crypto: The Blinding Attack And The Crazy World of Wet Signatures


The world still seems to trust wet signatures over cryptographic signatures. Just the other day, I submitted a document for funding, and I took a GIF of my signature, and pasted it into a Word document, and then created a PDF, and the recipient was happy that I had signed it. Unfortunately, these days, anyone can get my signature, and scan it in, and convert it to a GIF, and then pretend to be me. I really don’t understand why we still blindly accept wet signatures on paper, and, especially, on electronic documents. We are taking an old way of doing something, and now trusting it in the digital world. It’s crazy!

So let’s have a bit of fun with crypto, and see if we can trick Bob into signing for a blank check, and for Eve to cash in. And so Eve rushes into Bob’s Office, and tells him that he has won a prize for $100, and all he has to do is to sign a statement that he is the winner:

Unfortunately, Eve gets Bob to sign an IOU for $1 million, and immediately starts court proceedings to recover the money. “You signed a document in which you said you would give me $1 million”, says Eve in court. “Is that your signature?”, she says. “Yes. It is”, says Bob. “Well, pay me the money!”.

So can we trick Bob in crypto space? Now Eve has the message (M — “Pay Eve $1 million”) and creates another message:

where e is Bob’s encryption key exponent and r is a random number. Eve gets Bob to sign for this. The signature is then:

Bob gives S’ to Eve, and she just divides by r to get the signature for the original message:

So Eve takes Bob’s signature and adds it to the original message that Bob wouldn’t sign, and she can prove that Bob signed it. If she is sending to Alice the Banker, she would take the message:

"Pay Eve $1 million"

and add Bob’s signature for the message (S’/r), and then encrypt everything with Alice the Banker’s public key. Alice will get the encrypted message, decrypt it with her private key, and read the message:

"Pay Eve $1 million"

and she then looks at the signature, and gets Bob’s public key and checks the signature. It will match, so she will pay Eve one million dollars from Bob’s account. So here are the basic steps:

Coding

In this case we take the salted MD5 hash of the message and then take mod N of it. An outline of the code is:

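import os
import hashlib

# Toy RSA key (P=47, Q=71); far too small for real use
e = 79
d = 1019
N = 3337
r = 2  # Eve's blinding factor; must be coprime to N

Message = 'Pay Eve $1 million'
print('==Initial values ====')
print('e=', e, 'd=', d, 'N=', N)
print('message=', Message, 'r=', r)
print('\n=============')

# Salted MD5 hash of the message, reduced mod N
salt = os.urandom(16)
md5 = hashlib.md5()
md5.update(salt + Message.encode())
digest = md5.hexdigest()
M = int(digest, 16) % N
print('MD5 hash (mod N): ', M)

# Signature Bob would produce if he signed M directly
signed = pow(M, d, N)
print('Signed:\t', signed)

# Eve blinds M with r^e and gets Bob to sign the result
val_sent_by_eve = M * pow(r, e, N) % N
signed_dash = pow(val_sent_by_eve, d, N)
print('Bob sends Eve signature: ', signed_dash)

# Eve divides by r modulo N (multiplies by the modular inverse of r);
# plain integer division only works when no reduction mod N occurred
result = signed_dash * pow(r, -1, N) % N
print('Eve send signature of:', result)

print('\n=== Check ==')
unsigned = pow(result, e, N)
print('Unsigned value is:', unsigned)
if unsigned == M:
    print('Success. Bob has signed it')
else:
    print('Signatures do not compute')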
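
An added example, not part of the original article: the same blinding trick run against a signer that exponentiates whatever integer it is handed, and against one that hashes the submitted value itself before signing. The function names, the use of SHA-256 and the larger demo key built from two Mersenne primes are assumptions made for this illustration; E, D and N are the article's toy key.

```python
import hashlib

def digest_int(data: bytes, n: int) -> int:
    """SHA-256 of data reduced mod n (toy encoding, assumed for this example)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign_raw(x: int, d: int, n: int) -> int:
    """Vulnerable Bob: exponentiates whatever integer he is handed."""
    return pow(x, d, n)

def sign_hashed(data: bytes, d: int, n: int) -> int:
    """Hardened Bob: hashes the submitted bytes himself, then exponentiates."""
    return pow(digest_int(data, n), d, n)

def verify(message: bytes, sig: int, e: int, n: int) -> bool:
    """Alice's check: sig^e mod n must equal the digest of the message."""
    return pow(sig, e, n) == digest_int(message, n)

def blinding_succeeds(message: bytes, r: int, e: int, d: int, n: int,
                      hardened: bool) -> bool:
    """True if Eve's unblinded value verifies as Bob's signature on message."""
    blinded = digest_int(message, n) * pow(r, e, n) % n   # M * r^e mod n
    if hardened:
        as_bytes = blinded.to_bytes((n.bit_length() + 7) // 8, "big")
        s_dash = sign_hashed(as_bytes, d, n)              # H(M * r^e)^d mod n
    else:
        s_dash = sign_raw(blinded, d, n)                  # (M * r^e)^d = M^d * r
    unblinded = s_dash * pow(r, -1, n) % n                # S' / r mod n
    return verify(message, unblinded, e, n)

# The article's toy key.
E, D, N = 79, 1019, 3337
# Constructed larger demo key (two Mersenne primes; still not a real key), so
# that a hash reduced mod n cannot match by chance, as it could with N = 3337.
P2, Q2 = 2**61 - 1, 2**89 - 1
E2, N2 = 65537, P2 * Q2
D2 = pow(E2, -1, (P2 - 1) * (Q2 - 1))

if __name__ == "__main__":
    msg = b"Pay Eve $1 million"                           # constructed input
    print("raw signer, toy key:    ", blinding_succeeds(msg, 2, E, D, N, False))
    print("raw signer, demo key:   ", blinding_succeeds(msg, 2, E2, D2, N2, False))
    print("hashing signer:         ", blinding_succeeds(msg, 2, E2, D2, N2, True))
    print("honest hashed signature:", verify(msg, sign_hashed(msg, D2, N2), E2, N2))
```

In practice the hashing step is part of a padded signature scheme such as RSA-PSS rather than a bare hash reduced mod n.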

Conclusions

And so, don’t sign things that you don’t trust with your keys. For wet signatures, we need to rid our modern world of them. They have no credibility at all, and need to be replaced by crypto signing, where we prove our identity with our private key. There are, of course, still risks, but it is almost INFINITELY more secure than wet signatures. At least with key signing we can revoke your signature, whereas you can’t do that with your wet signature.

Key calculation

Let’s select:

P=47 Q=71

The calculation of n and PHI is:

n = P × Q = 47 × 71 = 3337
PHI = (P-1)(Q-1) = 3220

We can select e as:

e = 79

Next we can calculate d from:

(79 × d) mod 3220 = 1
d = 1019
Encryption key [3337,79]
Decryption key [3337,1019]

Then, with a message of 688, we get:

Cipher=(688)⁷⁹ (mod 3337)=1570

Decoded=(1570)¹⁰¹⁹ (mod 3337)=688