Ransomware Encrypts Victim Files With 1,024-Bit Key
Now more than ever, it's important that Windows users ensure their machines are safe from hackers. A dangerous new strain of malicious software that holds the victim's computer files for ransom has been unleashed, and Kaspersky Lab is warning that security researchers have yet to crack the encryption key.
The malware in this case is the latest version of Gpcode (Kaspersky calls it Gpcode.ak), a nasty piece of "ransomware" that scrambles all of the victim's data files with an encryption key known only to the attacker(s). Victims are told via a pop-up message that they need to purchase a special decryption program to regain access to their data.
Kaspersky and other anti-virus companies have previously unraveled the secret encryption key for all previous versions of Gpcode, but this time, the malware author apparently has learned from his previous mistakes. Now, the Gpcode author is encrypting victim files with an extremely strong 1,024-bit RSA encryption key.
"We estimate it would take around 15 million modern computers, running for about a year, to crack such a key," writes Aleks Gostev, senior virus analyst at Kaspersky, on the company's blog.
"The author has bided his time, waiting almost two years before creating a new, improved variant of this file encryptor. Gpcode.ak doesn't not repeat the errors found in previous versions of the virus."
Kaspersky said it's not clear yet how the ransomware is being spread. Once a system is infected and the files are encrypted, it leaves the following message in a pop-up alert:
"Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com"
I don't see anyone but Kaspersky making a lot of noise about this virus, so my guess is that most of the victims are probably in Eastern Europe and Russia. But if your machine does get infected with Gpcode, Kaspersky wants to hear from you (so does Security Fix, for that matter). They're offering assistance to anyone victimized by this virus. Check out this link for more information.
The company also is trying to generate support for a collaborative effort to break the encryption key; check out the forum here. I wish Kaspersky luck with that, but I don't believe they will succeed. It is extremely fortunate for most users that this type of attack isn't more widespread, as it is likely that most victims will end up paying the ransom if they ever want their data returned.
Update, 4:24 p.m. ET: Fixed my inexcusable 1,028 goof in the headline and text.
By Brian Krebs |
June 9, 2008; 9:30 AM ET
Posted by: d | June 9, 2008 9:44 AM
If someone pays the ransom, they should provide Kaspersky with the decryption tool in case the same encryption key is being used for multiple victims.
Posted by: alan | June 9, 2008 10:03 AM
Any ideas if running as a limited user (as you suggest) will help prevent this?
Posted by: blasher | June 9, 2008 11:03 AM
> Any ideas if running as a limited user (as you suggest) will help prevent this?
Actually this is one of the few attacks that limited users do not prevent. Basically limited user prevents administrative change to the system. Ransomware attacks encrypt user data and require no administrative rights to operate.
I have not verified if this specific attack requires administrative access but as a class they do not.
M
Posted by: M | June 9, 2008 1:00 PM
It would therefore seem that the best defense to this new threat is backing up your files.
Be sure they haven't been scrambled before backing them up.
OBVIOUSLY A MAJOR KEY TO BREAKING THIS PARTICULAR ENCRYPTION SYSTEM WILL BE HAVING SAMPLES OF BOTH SCRAMBLED AND ORIGINAL MESSAGES AVAILABLE.
FOREWARNED IS FOREARMED.
ASA LIVES.
Posted by: brucerealtor | June 9, 2008 2:09 PM
If the crypto was implemented properly, there's no way anyone will be able to crack it -- so obviously the focus of effort should be on finding errors in the implementation. 1024-bit RSA is out of reach in timeframes under several years, probably even for 3-letter government agencies.
Alan -- the way ransomware usually works is that the 1024-bit public key in the malware encrypts a randomized symmetric key that is used to encrypt data. The ransomed recovery tool submits the encrypted key to a host controlled by the attacker which has the private key, and then returns the unwrapped symmetric key. So the tool itself doesn't help because it doesn't have the private key. The only way to beat this is for law enforcement to find the attacker's server and recover the private key from that.
Posted by: Mango | June 9, 2008 2:13 PM
"OBVIOUSLY A MAJOR KEY TO BREAKING THIS PARTICULAR ENCRYPTION SYSTEM WILL BE HAVING SAMPLES OF BOTH SCRAMBLED AND ORIGINAL MESSAGES AVAILABLE."
It seems to me that if Kaspersky has a copy of the malware, they can generate unlimited quantities of ciphertext data with known plaintext.
It won't help, though. They won't be able to recover the private key unless they compromise the host where it is stored, or there is a flaw in the implementation that can be exploited to beat the system.
Posted by: Mango | June 9, 2008 2:30 PM
Folks, it has now been over 2 weeks, where if I am using the Firefox browser in making posts to the WaPo, AT SOME POINT in the post, random letters start getting posted instead of what I am typing.
That just happened again now and clearing my browser cache did not resolve the matter.
The only thing that does resolve the matter is using Opera and there are times when I use Opera, i.e., last night, where the post cannot be made because the COMMENT says that Post for this item are closed -- usually with only several items there.
When I previously spoke with Brian, he didn't seem to be having this issue. Anyone else noticing anything like this?
Posted by: brucerealtor | June 9, 2008 2:36 PM
Does anyone know how this virus is being spread? Like email, infected websites, etc.?
Posted by: Anonymous | June 9, 2008 2:53 PM
They won't be able to recover the private key unless they compromise the host where it is stored, or there is a flaw in the implementation that can be exploited to beat the system
-------------------------------------
Three ways to break cipher systems.
1. Steal the code book, etc, i.e., Enigma in WWII.
2. Exploit flaws in implementation if they can be found/recognized.
3. Have the decrypt key/formula.
4. Have mucho copy IN COMBINATION with the original.
5. Compromise the host.
HAVE I MISSED ANYTHING -- Obviously 4 is not the easiest method.
2.
Posted by: brucerealtor | June 9, 2008 2:53 PM
01568 33479 23690 -- example 1
de&"( ghy&& cqcqr -- example 2
lj65& 9i7hT UxXc" -- example 3
HuW Id 6h(" &&hljY -- example 4
example 1 - 5 character number coded groups
example 2 - 5 character letter/special extended alphabet [i.e. Russian, Arabic, etc.] coded groups
example 3 -- 5 character combination coded groups
example 4 -- random length coded groups [suggestive of direct language coding]
NONE OF THESE EXAMPLES CAN BE MEANINGFULLY BROKEN BECAUSE I TYPED ALL OF THEM AT RANDOM AND THERE IS NOT ENOUGH COPY FOR EACH EXAMPLE, THOUGH EXAMPLE 4 IS THE EASIEST TO BREAK GIVEN ADEQUATE COPY AND A KNOWLEDGE OF THE PROBABLE SOURCE LANGUAGE.
Posted by: brucerealtor | June 9, 2008 3:05 PM
The cat jumped over the moon.
Iu& $dI pi("&f [etc] Type 4 encoding.
RSA-1024 -- never used it. Does it encrypt to 5 letter/number groups or follow the actual word length -- I think it is the latter, correct?
My concern would be that whoever is doing this is not using the same code for everyone, so breaking it would be FINANCIALLY prohibitive.
Posted by: brucerealtor | June 9, 2008 3:12 PM
Yes, you did miss other things...
Offer a reward for the capture of the machine with the master key(s) and/or the creator.
Find a good telepathist or psychic.
Pay lots of individuals who build these types of things and hope they stumble upon a solution...
Start using all the Internet Servers online as one big cluster computer, so it can do a Petaflop of computing...
Send out a probe to return more advanced alien technologies which can break this...
Get the creator to have remorse...
Actually, the list is endless when you think about it...
Ps. why not make computers secure, and things like this wouldn't become an issue unless idiots did it to themselves here?
Hopefully, the creator will not become a sleeper cell like terrorist who uses a trigger to activate his or her time bomb.
Posted by: Arrow K. | June 9, 2008 3:14 PM
ARROW --
I think that we can agree that any number of copycats could exist in this situation.
Even IF law enforcement can find some of these types [which they can] the question there is one of priority. The amount of extortion money being requested is not disclosed and may vary widely.
Even the best anti-virus with the best anti-spyware software is behind the curb, of necessity.
THUS, IT APPEARS THE ONLY PRACTICAL SOLUTION IS BACKING UP WHAT ONE CANNOT AFFORD TO LOSE, AS OFTEN AS THAT IS NECESSARY.
You're allegedly not a 'pro' [sic] until you have lost data, but I think that most of this kind of loss is avoidable, is it not? I recall the pleasure of encrypting some of my files and like an idiot, I later could not find the decrypt code. The lesson is don't be a klutz [we all occasionally are] and back up your files.
Posted by: brucerealtor | June 9, 2008 3:28 PM
I'm sure common individuals would get upset, having their data become locked by unauthorized encryption. But, just imagine a foreign state launching its attack (cyber warfare) on say another government, where its data isn't as easy to recover, especially the financial institutions or military applications.
Ps. I thought of another method too. Just pay the ransom, so you can trace back where the money goes, and find the individual or organization.
Encryption might prove more difficult than tracking someone down. Where servers records the IP records (IPV6) so as to discover the source?
There's always a way, as nobody is perfect. Wouldn't it be nice to turn the tables on this guy or gal, and encrypt their financial holdings in return?
What if someone just on purpose encrypted your data for the sake of never decrypting it, then they wouldn't need to insure a means to worry about master keys, as one could multiply them using different keys or even have the victims PC do that for them...
So while you're looking for one key, there's 20 more to break, and all different, different order etc...
Heck, when you think about this, one could even rewrite how the data is kept on the hard drive, such as to not use NTFS, HFS+ but something else that isn't even known.
So if you cannot access the data, how you gonna break it? What's to stop anyone from doing this, in a hidden partition, so even the data is not available in the operating system, by file format and with encryption?
We need to deal with this now, as I understand rather than later when we find ourselves over our heads here.
Most individuals wouldn't even know their data was encrypted by an unauthorized attacker until trying to access that data later right?
Posted by: Malcom H. | June 9, 2008 3:32 PM
Mango> They won't be able to recover the private key unless they compromise the host where it is stored
If they can recover the symmetric key they needn't bother with the private key. Assuming that a symmetric cipher is indeed used in the traditional way (because RSA is much slower than a symmetric cipher), it may actually be possible to predict or recover this symmetric key through a number of methods, e.g. through a known plaintext attack or by finding a weakness in the entropy source (see the recent Debian/openssl story for example).
brucerealtor, however, needs to read up on encryption, e.g. AES-256 with feedback or in counter mode is going to be uncrackable with current technology no matter how much plaintext you have to work with. With DES in ECB mode, on the other hand, you've got a fighting chance.
Before some crypto newbie responds with "but the article says it's RSA-1024, not DES or AES," please go read up on how symmetric and asymmetric (public key) crypto is used in practice:
http://en.wikipedia.org/wiki/Rsa#Speed
However, as d suggests, backups are better, and protect against disk failures.
Brian, you've written "1028" in a couple of places where you mean "1024".
Posted by: antibozo | June 9, 2008 3:33 PM
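The route antibozo describes above, recovering the symmetric key through a weak entropy source and known plaintext instead of attacking the RSA private key, as an added example (not from the original comments or from any analysis of Gpcode). The SHA-256 keystream cipher, the clock-seeded key generator, the seed window and the sample document are all constructed assumptions; nothing here reflects how Gpcode.ak actually generates its key.

```python
import hashlib
import random
import secrets

PDF_MAGIC = b"%PDF-1.4"  # known plaintext: many file formats begin with fixed bytes


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (not RC4): XOR with SHA-256(key || block counter)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def weak_key(seed: int) -> bytes:
    """Hypothetical flaw: a 128-bit key drawn from a PRNG seeded with a clock value."""
    return random.Random(seed).getrandbits(128).to_bytes(16, "big")


def recover_key(ciphertext: bytes, known_prefix: bytes, candidate_seeds):
    """Return (seed, key) for the first candidate whose keystream turns the start
    of the ciphertext back into the known plaintext, or None if none fits."""
    head = ciphertext[:len(known_prefix)]
    for seed in candidate_seeds:
        key = weak_key(seed)
        if keystream_xor(key, head) == known_prefix:
            return seed, key
    return None


def demo():
    # Constructed sample: a small "document" and the clock value at encryption time.
    plaintext = PDF_MAGIC + b"\n1 0 obj << /Type /Catalog >> endobj\n" * 4
    encrypted_at = 1_213_000_000          # constructed clock value used as the seed
    file_mtime = encrypted_at + 120       # the file was rewritten shortly afterwards

    # The analyst only knows the file's timestamp, so searches the hour before it.
    window = range(file_mtime - 3600, file_mtime + 1)

    # Case 1: key came from the weak generator. The RSA-wrapped copy of the key
    # is never needed; 3,601 guesses replace a 128-bit search.
    weak_ct = keystream_xor(weak_key(encrypted_at), plaintext)
    found = recover_key(weak_ct, PDF_MAGIC, window)
    recovered_ok = found is not None and keystream_xor(found[1], weak_ct) == plaintext

    # Case 2: key came from the OS CSPRNG. The same search finds nothing, which
    # is the situation the article describes for a correct implementation.
    strong_ct = keystream_xor(secrets.token_bytes(16), plaintext)
    strong = recover_key(strong_ct, PDF_MAGIC, window)

    return (found[0] if found else None), recovered_ok, strong


if __name__ == "__main__":
    print(demo())
```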
I would be worried about backing up my data, as couldn't I also be backing up the same element that would cause this sort of thing to occur again?
I mean, how would anyone even know when NOT to do a backup, because you are infected?
Encrypting data, is considered normal for a lot of institutions, so how to know if that data was actually your encrypted data and not say someone else's encrypted data?
And wouldn't anyone also be exposing their backup system, when connecting and communicating with say an infected system here?
I think for this and all the above reasons, one solution might be best to just run in virtual machines, as the last proven working state can be saved and this doesn't affect in most cases the host system. Meaning just, snapshots would be faster to continue on than having to restore back images, well maybe, I just really don't know.
Data is data, so it's only useful when you're using a system that has access. If I unplug everything, it's more safe, but of little value for using here.
I guess we can only lower our risk is all. That's not so comforting to me, when you have important data to keep such as your financial transactions with your clients.
Posted by: William T. Brown | June 9, 2008 3:44 PM
William T. Brown> I mean, how would anyone even known when NOT to do a backup, because you are infected?
A proper backup strategy includes multiple incremental checkpoints; it's not supposed to just be a single extra copy of everything.
Posted by: antibozo | June 9, 2008 3:47 PM
It wasn't long ago, even Windows passwords were thought to be difficult to crack, but then with the right insight to how all this works, it's proven not to be difficult after all now.
And even if you did use more than 15 characters plus, the rainbow tables do the trick just in a clever way that saves lots of time to decode. Not not decrypt but decode.
Perhaps, all it takes is just some new insights to how this process happens here?
Just as there are process monitors, so could someone record the bits and bytes running in a PC and then reverse engineer all this back to the point of discovering the instructions used to do this in the first place, right?
Computers are good at this, keeping records, and for analyzing differences. Someone just needs to set a trap, and record it perhaps?
Posted by: Zhang Sun | June 9, 2008 3:55 PM
A few obvious questions that nobody seems to be asking...
Q - It's dumb to encrypt the files. Why not just delete them?
A - Obviously, money. "Pay us and you'll get them back."
Q - But we WILL get the files back if we pay these people off, right?
A - Good question... but then, the Nigerian scam basically boils down to "pay us enough, and you'll get xy (eventually)." I see the same possibility here.
Posted by: Steve | June 9, 2008 3:55 PM
Why does the headline say 1028 bit? Is that binary for arbitrary large value of 2?
Posted by: 23060 | June 9, 2008 4:01 PM
Also, some of the people here seem to misunderstand the mechanics of encryption.
"If we obtain/debug/reverse-engineer the encryption algorithm, can't we figure out how to decrypt?"
No. In RSA encryption you have two keys, one to encrypt and another to decrypt. Having the wrong key won't get you anywhere, because you can't figure out the other key by looking at the one you have. It's specially designed that way.
Posted by: Steve | June 9, 2008 4:02 PM
Can't yahoo simply close down that email account? And no one can EVER decode their encrypted files?
Can't they trace who collects the money from the credit cards, paypal, google, and other pay methods?
Posted by: Smart Girl | June 9, 2008 4:03 PM
@alan -- You can buy a single copy of the decryption key from the extortionists to decrypt the data on one infected machine, but that key is not going to work for any other system.
Posted by: Bk | June 9, 2008 4:29 PM
There is an alternative.
Use a virtual machine (qemu is free) when surfing the web, for added security. reduce your security footprint. use the virtual machine for all network related communications by installing a second OS on it.
I got hacked, and now I'm even more paranoid, because I barely recuperated, and I thought it couldn't happen.
Posted by: US software guy | June 9, 2008 4:31 PM
maybe the place to start is to track his movements via the yahoo email system.
Posted by: troy | June 9, 2008 4:58 PM
antibozo thanks for your understanding here. I'm not any expert, we the majority of us are when it comes to actually using our workstations here at work. We just use them for what needs to be done.
I'm just wondering even when you make multiple incremental checkpoints, isn't that just by adding what's new from last, creating different images, so you can pick at what point to restore, rather than a complete full backup, right?
The problem I see with that, is in that you still will need to discover at what point the infection occurred, in order to restore? Maybe I am missing something here?
How does anyone know when backing up if their encrypted data was of their own doing, until you actually access it to confirm all is well?
I would think, unless everything was encrypted at once, those individual files, would make it more difficult to spot?
And what tools do we have to verify our data when encryption is still our data, unless we start using hash checksum values perhaps, so as not to launch the application and actually run the or access the data directly to verify it's working right?
One thing is sure, I sure don't want to get ransomware!!!!
Posted by: William T. Brown | June 9, 2008 5:14 PM
Why not ask NSA to break the encryption as a public service? I'm confident they have the resources to do so.
Posted by: JMK | June 9, 2008 5:28 PM
Best hope is the new Roadrunner supercomputer owned by the (DOE) Department of Energy.
"WASHINGTON (AP) -- Scientists unveiled the world's fastest supercomputer on Monday, a $100 million machine that for the first time has performed 1,000 trillion (or one petaflop) calculations per second in a sustained exercise.
The technology breakthrough was accomplished by engineers from the Los Alamos National Laboratory and the IBM Corp. on a computer to be used primarily on nuclear weapons work, including simulating nuclear explosions.
The computer, named Roadrunner, is twice as fast as IBM's Blue Gene system at Lawrence Livermore National Laboratory, which itself is three times faster than any of the world's other supercomputers, according to IBM."
Posted by: TJ | June 9, 2008 9:43 PM
When will we at least just follow the money? When are we going to get serious and hunt these ba$tards down and dump them into the dungeons of Turkey. Until we do that, we are just playing chess with a master and he loves the game. It is time to stop playing games and get serious about getting the perps and then inflict some real punishment. What is the true cost of tens of thousands of people getting infected and having to cough up hundreds of thousands (millions?) of dollars to get well. Put this crime right up there with pain it inflicts like bank robbery. Make it 20 years to life and get some real cyberkungfu-testosterone hunting these a$$ holes down. Create rewards systems like tax breaks and cash rewards for locating them and get Yahoo etc to freely share the logs. And if they don't, sue them for complicity for the damages. Do something!
Posted by: incredulous | June 9, 2008 9:55 PM
incredulous> get Yahoo etc to freely share the logs.
What do you think that will reveal? People who do this sort of thing never reveal their own IP--they use anonymizers and proxies, sometimes multi-layered. Even if you could track down the IP through the multiple layers and ISPs in various countries (all using DHCP-assigned addresses and logging in different timezones), you would then have to get an international police case started and followed through based on the tenuous thread of that IP.
Following the money is going to be similar; once people have access to other people's accounts, through phishing, keystroke loggers, etc., you don't know where the money is really going unless you have time to track it down through who knows how many levels of indirection.
All that to protect people who run insecure computers and don't back up their files? Okay, it's crime, and it's reprehensible, but I'd rather have the FBI folks who would be tasked with this problem focused on hunting down the international kiddie-porn scumbags. It sucks, but law enforcement for international computer crimes is spread mighty thin, and we have to have priorities.
If you really want to "Do something!", get your friends and family to stop using Windows, and help them set up a proper remote backup regimen for the important stuff. Remote backup is one of the key benefits of using computers--it protects you even if your house burns down.
Posted by: antibozo | June 10, 2008 1:41 AM
groaaaaaan.... just one more thing in a never ending battle.
So if i'm in the market for a new computer does this mean it is time to go to Mac OS X?
Maybe I can get a cheap used mac off of: http://www.junk-swap.com and trade in my old PC?
Posted by: time for apple mac? | June 10, 2008 3:13 AM
I can see Interpol trying to catch this guy anyways.
Posted by: Law Enforcer | June 10, 2008 10:14 AM
At what kind of sites do users pick up this malware?
Posted by: Bartolo | June 10, 2008 1:25 PM
By the way, isn't this Microsoft Tuesday?
Posted by: Bartolo | June 10, 2008 1:31 PM
> The ransomed recovery tool submits the encrypted
> key to a host controlled by the attacker which
> has the private key, and then returns the
> unwrapped symmetric key.
So, the recovery tool reveals where a decryption oracle is running which will return to you the symmetric key. Or if not, it may at least tell you where the attacker's server is. At least it is worth investigating.
Posted by: Anonymous | June 10, 2008 1:56 PM
SOLUTION FOUND!!!
Switch to Linux
Posted by: Gubinsky | June 11, 2008 1:26 AM
Moral of the story, back up your data.
Posted by: Roman | June 11, 2008 11:03 AM
This has Darkspill from Cold Wars written all over it!
Posted by: Lili Taylor | June 11, 2008 11:11 AM
there are people in this world dying from starvation
and you're worried about a virtual file
unless the file contained launch codes go screw yourself
Posted by: blckpythn | June 11, 2008 11:13 AM
Why not follow the money that is paid to ******@yahoo.com?
Posted by: Jason | June 11, 2008 11:21 AM
This is stupid! and criminals are always stupid enough to leave traces. I must agree with the guy saying switch to Linux. hell better yet do a regular back up and once u catch this disease or virus or whatever, you restore ur files and shoot the guy a bird in his email..
Posted by: Rage | June 11, 2008 11:23 AM
I love it. RSA 1024 will be useless once they derive a solution.
Posted by: Rich | June 11, 2008 11:28 AM
Wow, that is truly amazing. Now is the time to utilize privacy services and make yourself invisible to websites you visit. Malicious attacks like this are easily prevented with the proper tools.
Posted by: JOhn thomas | June 11, 2008 11:31 AM
So just restore from a backup - who cares? Oh, that's right, people don't do backups. These guys will make a lot of money.
Posted by: backup | June 11, 2008 11:38 AM
Well, looks like a good project for the IBM Bluegene supercomputer
Posted by: Adam | June 11, 2008 11:41 AM
There was an article just the other day about a computer reaching the petaflop level.
So 1 trillion calculations per second.
2^1024/(1000000000000) = 7.19e296 seconds
=2.28e289 years
The universe will probably only last for at most 1e12 years... so good luck cracking that.
To solve the problem within 1 year we need a computer that can perform around 5.7e300 calculations per second or one that is about 1e288 times faster than what we have today.
Posted by: Calculator | June 11, 2008 11:54 AM
Recode the virus and send it to him?
Posted by: Eegras | June 11, 2008 12:12 PM
Pay the ransom with a credit card, then charge it back later on as a fraudulent purchase ;-).
Unless I missed it somewhere, isn't there any warning in this news article to those who pay the ransom that their card details / bank details they use to pay, will most likely be used by the hackers later on to commit fraud?
Posted by: Chris | June 11, 2008 12:17 PM
I'm sorry, but I call shenanigans on WashingtonPost (as usual for reporting an incorrect story), and on Kaspersky (main anti-virii used by hackers and virus writers to seal up their zombie bot network servers once they've infected them).
I haven't seen an encryption story in several years with the famous 90s quote of "it's gonna take all the computers in the world 150 million years to crack the encryption". I remember that used to be touted for AES and DES 512 encryption and turns out it only takes a decent cracker about 30 seconds on AES, and 15 seconds for DES encryption to be cracked.
And to all the "super smart informed encryption" folks that are leaving comments to get the host server is NOT the only option, there are several more options to not only break the encryption, but also bypass it completely as well.
Anything made by man, including computers/software, is automatically flawed by design, because we are all only human. They even noted that the virus writer took 2 years off to fix all his first mistakes. Guess what? He made even more mistakes with the newest version of software. You people just focus on the story and not the code...
Posted by: Mack-Limelight | June 11, 2008 12:43 PM
Mack-Limelight you're an idiot.
Posted by: shtef | June 11, 2008 1:30 PM
Couldn't just one person pay for the software to decrypt their files and everyone else just pirates (if that term is accurate in this sense) the software to get around it? That is assuming the software for decryption actually exists and isn't just a quick way for this guy to make a buck...
Posted by: The Gh0ce_>0 | June 11, 2008 2:50 PM
Mack-Limelight> you people just focus on the story and not the code...
Actually, since we don't have the code at hand, we focus on the theoretical problem.
As for your laughably wrong statements about ciphers, I'll personally give you $1000 if you can discover an AES-128 key given 256 bytes of ciphertext and plaintext within a month. (I'd give you unlimited time, but then it would never be clear that you failed.)
Posted by: antibozo | June 11, 2008 3:17 PM
Why the heck are you protecting the email address of these a-holes?????
*******@yahoo.com ?????
So friggin' cheap they didn't even get their own domain???
Posted by: Mau | June 11, 2008 5:10 PM
@Mau - That is straight from Kaspersky's advisory. They're the ones who blocked out the full e-mail address. My suspicion is that Kaspersky didn't want that address closed down too quickly, but you'd have to ask them why they blocked it out.
Posted by: Bk | June 11, 2008 5:35 PM
Well if its understood correctly this seems to be a world wide issue, if it is true and spreads. Now said that, Canada's Implementation of DMCA Law(s) would really hurt persons' rights to their own material.
Posted by: needs | June 11, 2008 5:49 PM
Calculator:
A petaflop is 1,000 trillion calculations per second, not 1 trillion.
Posted by: Splach | June 11, 2008 6:37 PM
perfect, eegras. i've been fantasizing for years about doing this to *all* virus writers and spammers. think we could pool our resources to get gpcode-extortionist to target spammers only?
Posted by: icemonkey | June 11, 2008 10:03 PM
I agree with others here who suggest that the solution is to FOLLOW THE MONEY. There is no amount of redirecting or falsifying the hackers can do that will not be traceable by law enforcement types - at least, if the hackers hope to actually get the money.
Get the hackers, get the KEY(gen).
Posted by: Drakar2007 | June 12, 2008 12:56 PM
You may be interested to know that Kaspersky has amusingly posted a challenge on factoring the public key. Schneier has posted about this here:
http://www.schneier.com/blog/archives/2008/06/kaspersky_labs.html
I especially love this comment from "Brad Templeton", regarding the additional external cost of actually executing Kaspersky's challenge:
"Not to mention that since going full blast pushes the computer power draw up by about 40 to 70 watts on a typical system today -- let's say 50 -- this amounts to 6.5 Billion kw-h, costing about 670 million dollars as the U.S. residential average of 10.3 cents/kwh, or 67 trillion BTUs at the generator (the equivalent of burning 500 million gallons of gasoline, though in the USA it's mostly coal and natural gas, then nukes and hydro)"
Posted by: antibozo | June 12, 2008 7:31 PM
The best solution is a good backup system. Of course, a good backup system is proof against a large number of problems, so it's something that everybody should be doing (and practically nobody is).
News of this virus has finally spurred me into exhuming and resurrecting my old tape backup system. It's automated using EMC Retrospect and works a treat. Of course, I've been honing it for over a decade now.
"What happens if I back up the encrypted files?" Well, a GOOD backup system keeps a history, so you should have the files from yesterday, or last week, or whenever you last got around to it (yesterday, for me -- I do recommend automating it). You just restore from the previous backup.
"The problem I see with that, is in that you still will need to discover at what point the infection occurred, in order to restore? Maybe I am missing something here?"
Nope, not missing a thing. You need to figure out when the infection happened, and restore before that. I used to back up 180+ clients where I worked, and once I actually did find an infected system; I just kept doing restores, one day backwards at a time, until I found the time it wasn't infected. (Fortunately it was not a mission critical system, so we didn't much care about how old the backup was.)
So... it'll take a few hours, at most, for you to figure out which backup you'll have to restore from. As opposed to, say, a couple trillion years to hack a solution.
I know which I'd prefer.
Posted by: Jeffrey Nonken | June 12, 2008 9:35 PM
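The restore procedure Jeffrey Nonken describes, together with the per-file worry William T. Brown raised earlier in the thread, sketched as an added example (not part of the original comments and not any backup product's code). The magic-byte table, the entropy threshold and the four in-memory snapshots are constructed assumptions; it goes one step beyond the comment by also reporting a restore point per file, for the case where files were not all encrypted at once.

```python
import hashlib
import math
import os
from collections import Counter

# Leading bytes that a healthy file of each type must still have (small sample table).
MAGIC = {".pdf": b"%PDF-", ".zip": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: about 4-5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, data: bytes, threshold: float = 7.0) -> bool:
    """Heuristic only. Compressed formats are high-entropy even when healthy,
    so for those the format header is checked instead of the entropy."""
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC:
        return not data.startswith(MAGIC[ext])
    return shannon_entropy(data) > threshold


def last_clean_snapshot(snapshots):
    """Step backwards from the newest snapshot until one has no suspect file."""
    for label, files in reversed(snapshots):
        if not any(looks_encrypted(p, d) for p, d in files.items()):
            return label
    return None


def per_file_restore_points(snapshots):
    """For each file, the newest snapshot in which that file still looks healthy."""
    points = {}
    for label, files in snapshots:  # oldest to newest, later clean copies win
        for path, data in files.items():
            if not looks_encrypted(path, data):
                points[path] = label
    return points


def noise(tag: str, n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext or zip contents."""
    blocks = (hashlib.sha256(f"{tag}:{i}".encode()).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def sample_snapshots():
    """Constructed data: the text file is hit on Wednesday, the archive on Thursday."""
    text = b"Invoice 2008-06 for client ACME: total due 1,024.00 USD\n" * 60
    zipped = b"PK\x03\x04" + noise("zip-body", 4096)
    return [
        ("mon", {"invoice.txt": text, "archive.zip": zipped}),
        ("tue", {"invoice.txt": text + b"paid\n", "archive.zip": zipped}),
        ("wed", {"invoice.txt": noise("enc-invoice", 4096), "archive.zip": zipped}),
        ("thu", {"invoice.txt": noise("enc-invoice", 4096),
                 "archive.zip": noise("enc-zip", 4100)}),
    ]


if __name__ == "__main__":
    snaps = sample_snapshots()
    print("whole-system restore point:", last_clean_snapshot(snaps))
    print("per-file restore points:", per_file_restore_points(snaps))
```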
Additionally, there was a Slashdot story about the Kaspersky factoring challenge:
Posted by: antibozo | June 12, 2008 11:37 PM
Ummmm....ever heard of Interpol.
They can get Interpol to get a subpoena to yahoo to get them to monitor the ip addresses that the email is being used from...then trace the ip addresses to the isp and then to the home....unless he is in Iran, Burma, or North Korea....I really don't see a problem in arresting this guy.
Posted by: shdwsclan | June 13, 2008 12:27 AM
shdwsclan> They can get Interpol to get a subpoena to yahoo to get the them to monitor the ip addresses that the email is being used from...
That won't tell you anything useful. The IP will simply belong to one of the thousands of compromised systems the attacker has access to (maybe even the system sitting in your office). If the attacker was really lazy, it'll be the address of a Tor node. Either way, that will be the end of the trail. Now, won't you be glad you wasted Interpol's time with that?
If someone wants to try to follow the money, they *might* have a better chance with that. But the attacker no doubt has a lot of phished accounts available, so you can bet the money is squirreling from account A to B to C ad nauseam.
Again, I'd rather have international law enforcement hunting down pedophiles and serious criminals. This is petty larceny. The correct solution: back up your files. Oh, and for Pete's sake, don't use Windows.
Posted by: antibozo | June 13, 2008 1:07 AM
www.schneier.com/blog is down. Netcraft, et al., no reply. Anonymouse, as well, 111. Google has even lost its cache of the 1024 issue.
Hum...
Posted by: Anonymous | June 13, 2008 1:25 AM
I might be naive. That's OK. I'm a computer user, not a specialist. But I was wondering, what about reverse engineering? Would it work with this virus?
Posted by: Marcio, from Brazil | June 13, 2008 10:49 PM
Tudo bom, Marcio...
Reverse engineering can tell you how the encryption algorithm works. If the encryption is implemented *correctly*, however, this doesn't help you, because all secrecy resides in the key, which is not revealed in the design.
You may find it interesting to read about Kerckhoffs's principle:
http://en.wikipedia.org/wiki/Kerckhoffs%27_principle
In this case, it has been stated by those who have examined the malware that the files themselves are encrypted using the RC4 cipher, permuted by a 128-bit initialization vector (a.k.a. "salt"), which is prepended to the encrypted file. All files are encrypted using the same RC4 secret key, but the initialization vectors are all distinct. The RC4 secret key is then encrypted using an RSA-1024 public key and given to the victim as a token. Unfortunately, without knowledge of the secret part of the RSA keypair, none of that information avails anyone. Only the person who possesses the RSA secret key can decrypt the token to produce the original RC4 secret key needed to decrypt the files.
The use of a distinct RC4 initialization vector for each encrypted file is important, because otherwise, you could XOR two encrypted files with one another to recover the XOR of the original plaintexts.
The way reverse engineering could help is if the attacker made a mistake. For example, the RC4 secret key should be a completely random value. But there is no true source of randomness in a computer. If the attacker used a flawed technique to produce the RC4 secret key, that key may actually be predictable. A classic version of this scenario is the Debian openssl vulnerability that was disclosed a few weeks ago:
http://blog.washingtonpost.com/securityfix/2008/05/debian_and_ubuntu_users_fix_yo.html
In that case, the random number generator was initialized using only a number between 1 and 32767. This meant it could generate only one of 32767 random streams of numbers, and one can use brute force to test each possible stream.
If the author of this malware made a mistake in initializing his source of randomness, the RC4 secret keys may be predictable. Reverse engineering the malware would reveal whether this is the case. You can be sure people have been examining the malware with this and other possibilities in mind, but so far no one has announced any useful discoveries.
Boa noite...
Posted by: antibozo | June 13, 2008 11:37 PM
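An added example, not part of the comment above and not code from any analysis of Gpcode: it models the scheme as described (one RC4 key, a distinct 16-byte IV prepended to each file) and shows both failure modes the comment mentions, a reused IV leaking the XOR of two plaintexts and a key drawn from only 32767 seeds being recovered by trying each one against a known file header. Python's `random` stands in for the flawed generator, the `key || iv` mixing is an assumption, and all function names and sample documents are constructed for illustration.

```python
import random

def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4: key scheduling, then XOR the data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def weak_key(seed: int) -> bytes:
    """Flawed key generation (assumed): the whole key follows from a 15-bit seed."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(16))

def encrypt_file(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Prepend the 16-byte IV; using key || iv as the RC4 key is an assumption."""
    return iv + rc4(key + iv, plaintext)

def decrypt_file(key: bytes, blob: bytes) -> bytes:
    return rc4(key + blob[:16], blob[16:])

def recover_key(blob: bytes, known_prefix: bytes):
    """Try each seed from 1 to 32767; accept the key that yields known_prefix."""
    head = blob[:16 + len(known_prefix)]
    for seed in range(1, 32768):
        key = weak_key(seed)
        if decrypt_file(key, head) == known_prefix:
            return seed, key
    return None

# Constructed sample plaintexts, not taken from any real system.
DOC_A = b"%PDF-1.4 quarterly report (constructed sample)"
DOC_B = b"%PDF-1.4 payroll export (constructed sample)"

def reuse_leaks(key: bytes, iv_a: bytes, iv_b: bytes) -> bool:
    """True when XOR of the two ciphertexts equals XOR of the two plaintexts."""
    ca, cb = encrypt_file(key, iv_a, DOC_A)[16:], encrypt_file(key, iv_b, DOC_B)[16:]
    return bytes(x ^ y for x, y in zip(ca, cb)) == bytes(x ^ y for x, y in zip(DOC_A, DOC_B))

if __name__ == "__main__":
    blob = encrypt_file(weak_key(4242), bytes(range(16)), DOC_A)
    print(recover_key(blob, b"%PDF-1.4"))
```

With a key taken from a proper random source, `recover_key` has nothing to enumerate, which is the situation the comment describes for a correctly implemented scheme.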
I must be missing something here. How does this bugger get to disk and how is it suddenly allowed to alter files like this? There's something wrong. As per usual when it comes to Windows.
Posted by: Rick | June 14, 2008 9:42 AM
Why would someone need to be protected from hackers?
Of course you might prefer to live without TCP/IP, USENET, HTTP, programming languages, internet, etc...
Posted by: njsg | June 14, 2008 6:12 PM
'Of course you might prefer to live without TCP/IP, USENET, HTTP, programming languages, internet, etc...'
No. Just Windows (l)users.
Posted by: Rick | June 14, 2008 8:33 PM
'RSA-1024 encryption is strong'
There's an educated opinion. ;)
Posted by: Rick | June 14, 2008 8:36 PM
Rick, if you know of a vulnerability in RSA-1024, please share it. It's the basis of most SSL/TLS security, so you owe it to the world to share your clearly superior knowledge of exactly how to compromise it. You must know a lot more about cryptography than even Bruce Schneier, so please educate us. What university are you tenured at, or do you work for the NSA?
Since you're obviously blowing smoke, I challenge you to discover the private key for an RSA-1024 keypair of my choosing. I'll give you the public key, and let you execute chosen plaintext attacks to your heart's content. I'll give you $1000 if you can do it in a month. As with Mack-Limelight, I would give you unlimited time, but then it would never be clear when you failed.
Posted by: antibozo | June 14, 2008 9:22 PM
The comments to this entry are closed.
RSA-1024 encryption is strong and I agree that their attempt to break it will be in vain.
The practical way is to recover deleted files from the hard drive with software tools and probably some special devices.
But an ounce of prevention is worth a pound of cure. Be more careful with security. Back up data in a few various places. That's the best advice.