LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is the homomorphic (multiplicative) property of RSA, and why is it both useful and dangerous?

RSA is multiplicatively homomorphic: the product of two ciphertexts decrypts to the product of the plaintexts. This enables blind signatures but also allows ciphertext manipulation without knowing the key.

Eve multiplies the ciphertext by 3^e so Bob decrypts 3m, without ever learning m or d

* Knowing only the public key, Eve multiplies in 3ᵉ and Bob silently decrypts 3·m — malleability means RSA alone gives no integrity. *

The property: Given $c_1 = m_1^e \mod N$ and $c_2 = m_2^e \mod N$: $$c_1 \cdot c_2 \mod N = (m_1 \cdot m_2)^e \mod N$$

Decrypting $c_1 \cdot c_2$ gives $m_1 \cdot m_2$.

Attack example (tripling a value):

  • Alice encrypts $m$: $c = m^e \mod N$
  • Eve wants Bob to receive $3m$ instead
  • Eve computes $3^e \mod N$ (she knows the public key!)
  • Eve sends $c' = 3^e \cdot c \mod N$ to Bob
  • Bob decrypts: $(3^e \cdot c)^d = 3 \cdot m \mod N$
  • Eve never knew $m$ or $d$, yet successfully manipulated the message!

Consequences:

  • RSA provides no integrity — ciphertext is "malleable" / "formable"
  • This is why RSA encryption alone is never sufficient — you always need authentication (MAC or signature)

Positive uses:

  • Blind signatures: Sign a document without seeing its content
  • Double signatures: Split the private exponent for multi-party signing
  • Side-channel countermeasures: Randomize computations using the multiplicative property

Go deeper:

From Quiz: KRYPTOG / RSA | Updated: Jul 14, 2026