We introduce a hypothetical situation in which low-exponent RSA is used to encrypt IP packets, TCP segments, or TCP segments carried in IP packets. In this scenario, we explore how the Coppersmith/ Howgrave-Graham method can be used, in conjunction with the TCP and IP protocols, to decrypt specific packets when they get retransmitted (due to a denial-of-service attack on the receiver’s side). We drawconclusions on the applicability of the Coppersmith/Howgrave- Graham method, its interaction with “guessing”, and the difficulties of building a secure system by combining well-known building blocks.
Crouch, P. A., & Davenport, J. H. (2001). Lattice attacks on RSA-encrypted IP and TCP. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2260, pp. 329–338). Springer Verlag. https://doi.org/10.1007/3-540-45325-3_29