Question
I have this situation where, in a game, people send messages to each other (game moves, etc.). These messages need to be encrypted, and should only be readable by the destination person. I am using RSA for this, but recently I got a doubt. Is it possible, if the message is one of n possible messages, for somebody with access to the encrypted one to guess the keys used (both public and private)?
We use keys to ensure the source and destination. So, we encrypt every message twice: once with the sender's private key, and with the receiver's public key on top of it. So, it is doubly secure, and repudiation is avoided. We use RSA only, for both. Is this bad if the attacker knows the message to be 1 out of n?
Explanation / Answer
I confirm that "encrypt with the private key" in an asymmetric encryption scheme generally does not make sense. It seems that the only reasonable interpretation of "encrypting with the sender's private key" in your setting is that the sender actually signs the message.
Now the attack scenario you describe is not a "chosen plaintext attack" but rather a known plaintext attack: the attacker knows that the message is one out of n possible, known, messages. For a deterministic encryption, this would allow the attacker to find out what the message actually was, provided the list of n messages is not too big (since the encryption function is public, one can encrypt each of the n messages exhaustively and see which ciphertext matches). However, this is not possible with a standardised version of RSA such as RSAES-OAEP in PKCS #1, where the encryption is made probabilistic by the use of an appropriate padding.
Using a standard implementation of RSA would not allow an attacker to recover the keys. The ElGamal scheme is also probabilistic so the same applies.
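The difference between deterministic and probabilistic RSA described in the answer, as an added example that is not part of the original question or answer. It assumes a constructed demo public key (the product of two Mersenne primes, not a safe key), a constructed list of game moves, and hypothetical function names; the OAEP encoding is written out with the standard library only so the random seed is visible.

```python
import hashlib
import os

# Constructed demo public key: product of two Mersenne primes (NOT a safe key).
N = (2**521 - 1) * (2**607 - 1)
E = 65537
K = (N.bit_length() + 7) // 8            # modulus length in bytes
HLEN = hashlib.sha256().digest_size

def textbook_encrypt(msg: bytes) -> int:
    """Raw RSA without padding: the same message always gives the same ciphertext."""
    return pow(int.from_bytes(msg, "big"), E, N)

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation function from PKCS #1, using SHA-256."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(-(-length // HLEN)))
    return b"".join(blocks)[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encrypt(msg: bytes) -> int:
    """RSAES-OAEP encryption (SHA-256, empty label) with a fresh random seed per call."""
    if len(msg) > K - 2 * HLEN - 2:
        raise ValueError("message too long for this modulus")
    lhash = hashlib.sha256(b"").digest()
    db = lhash + b"\x00" * (K - len(msg) - 2 * HLEN - 2) + b"\x01" + msg
    seed = os.urandom(HLEN)              # the source of the probabilistic behaviour
    masked_db = xor(db, mgf1(seed, K - HLEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    em = b"\x00" + masked_seed + masked_db
    return pow(int.from_bytes(em, "big"), E, N)

def guess_by_reencryption(ciphertext: int, candidates, encrypt) -> list:
    """Return the candidates whose re-encryption equals the observed ciphertext."""
    return [m for m in candidates if encrypt(m) == ciphertext]

MOVES = [b"rock", b"paper", b"scissors"]  # constructed 1-of-n message set

if __name__ == "__main__":
    raw = textbook_encrypt(b"paper")
    padded = oaep_encrypt(b"paper")
    print("unpadded RSA, matching candidates:", guess_by_reencryption(raw, MOVES, textbook_encrypt))
    print("RSAES-OAEP, matching candidates:  ", guess_by_reencryption(padded, MOVES, oaep_encrypt))
    print("two OAEP encryptions equal?       ", oaep_encrypt(b"paper") == oaep_encrypt(b"paper"))
```

In neither case does the comparison reveal anything about the private key; with unpadded RSA it reveals only which of the n messages was sent.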