Iran GPS Spoofing and the RSA Cipher
igb at batten.eu.org
Fri Dec 23 15:33:11 GMT 2011
> Yes, you can in theory construct a PRNG from RSA. You'd however have to be insane to try. RSA is highly computationally intensive, the time of each RSA calculation is variable and it has properties that will trip you up every time unless you are careful (e.g. if your message has few enough significant bits it will pass through RSA encryption essentially unencrypted). Using it this way is of a similar order of foolishness as constructing a cartwheel from toothpicks glued together when you've got a store full of well-seasoned timber waiting to be cut to shape.
> When one thinks of PRNGs one thinks of LFSRs and block ciphers in CTR mode or one of the feedback modes. I have NEVER seen anyone in the literature propose using RSA to construct a PRNG.
Leaving aside the practicalities of the algorithms, an asymmetric system would be attractive for military-grade GPS, as it would mean that the theft and complete analysis of a receiver would not provide the key material for spoofing. There are a lot of military handsets, and by definition they are going to be used in hostile environments with a risk of capture, so, were it possible to engineer a system where the handsets did not contain the transmission keys, that would be a desirable property. As you point out, it might prove very difficult to achieve, but those problems would bring some value as well.
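An added illustration (not part of this thread or anyone's project) of two points in the quoted message: the x -> x^e mod n iteration as a bit generator, and the pitfall that a message with few enough significant bits (m^e < n) passes through RSA unencrypted, so its plaintext is recoverable without any key. The key material is a constructed toy (the two primes just above 10^6 and the smallest usable odd exponent) and is an assumption of this demo, not anything from the original.

```python
from math import gcd

def is_prime(n):
    """Trial division; fine for the toy sizes used here."""
    return n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1))

# Constructed toy key (assumption for this demo): the two primes just above 10**6.
P = next(k for k in range(10 ** 6, 10 ** 6 + 1000) if is_prime(k))   # 1000003
Q = next(k for k in range(P + 1, P + 1000) if is_prime(k))           # next prime
N, PHI = P * Q, (P - 1) * (Q - 1)
E = next(e for e in range(3, 100, 2) if gcd(e, PHI) == 1)            # small e, here 5
D = pow(E, -1, PHI)

def encrypt(m, e=E, n=N):
    return pow(m, e, n)

def decrypt(c, d=D, n=N):
    return pow(c, d, n)

def recover_small_message(c, e=E, n=N):
    """Key-less recovery of m from c = m^e mod n whenever m**e < n.
    Without modular reduction the ciphertext is literally m**e, so an exact
    integer e-th root (binary search) returns m.  Returns None otherwise."""
    lo, hi = 0, 1 << ((n.bit_length() + e - 1) // e + 1)  # hi exceeds any root
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** e < c:
            lo = mid + 1
        else:
            hi = mid
    return lo if lo ** e == c else None

def small_message_threshold(e=E, n=N):
    """Largest m whose e-th power stays below n, i.e. passes through unencrypted."""
    m = 0
    while (m + 1) ** e < n:
        m += 1
    return m

def rsa_generator(seed, nbits, e=E, n=N):
    """The iteration described in the quoted message: x -> x^e mod n, emitting
    the low bit of each state.  Illustration only; with a toy modulus the
    output is worthless as a CSPRNG."""
    x, bits = seed % n, []
    for _ in range(nbits):
        x = pow(x, e, n)
        bits.append(x & 1)
    return bits
```

With this modulus every message up to 251 (an 8-bit value) is recovered by `recover_small_message` with no knowledge of `D`, which is why real deployments pad or hash before exponentiating.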