Introduction Algorithm Usage Correctness Security RSA algorithm Adrian Spataru Department of Computer Science, West University of Timi¸ soara October 30, 2013 Adrian Spataru Department of Computer Science, West University of Timi¸ soara RSA algorithm
RSA Algorithm
Dec 02, 2014
Presentation for the course of Security and Cryptography, Computer Science, 3rd Year.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Introduction Algorithm Usage Correctness Security
RSA algorithm
Adrian Spataru
Department of Computer Science,West University of Timisoara
October 30, 2013
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
1 Introduction
2 Algorithm
3 Usage
4 Correctness
5 Security
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
About
What is it?
an algorithm for public key cryptographybased on the difficulty of factoring large integers.
Where does the name come from?Ron RivestAdi ShamirLeonard Adleman
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
About
What is it?an algorithm for public key cryptography
based on the difficulty of factoring large integers.
Where does the name come from?Ron RivestAdi ShamirLeonard Adleman
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
About
What is it?an algorithm for public key cryptographybased on the difficulty of factoring large integers.
Where does the name come from?Ron RivestAdi ShamirLeonard Adleman
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
About
What is it?an algorithm for public key cryptographybased on the difficulty of factoring large integers.
Where does the name come from?
Ron RivestAdi ShamirLeonard Adleman
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
About
What is it?an algorithm for public key cryptographybased on the difficulty of factoring large integers.
Where does the name come from?Ron Rivest
Adi ShamirLeonard Adleman
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
About
What is it?an algorithm for public key cryptographybased on the difficulty of factoring large integers.
Where does the name come from?Ron RivestAdi Shamir
Leonard Adleman
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
About
What is it?an algorithm for public key cryptographybased on the difficulty of factoring large integers.
Where does the name come from?Ron RivestAdi ShamirLeonard Adleman
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Introduction
Where it’s being used?
CommunicationBanksSignaturesIdentity Certificates
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Introduction
Where it’s being used?Communication
BanksSignaturesIdentity Certificates
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Introduction
Where it’s being used?CommunicationBanks
SignaturesIdentity Certificates
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Introduction
Where it’s being used?CommunicationBanksSignatures
Identity Certificates
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Introduction
Where it’s being used?CommunicationBanksSignaturesIdentity Certificates
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Algorithm
1 Take p and q large prime numbers
2 Compute n = p × qn is called the modulus and it is publicIts length denotes the key length
3 Compute ϕ(n) = (p − 1)(q − 1)ϕ is Euler’s totient function.
4 Choose e, s.t. 1 < e < ϕ(n) and gcd(e, ϕ(n)) = 1e is released as public exponent
5 Compute d as d−1 ≡ e(modϕ(n)) ord × e ≡ 1(modϕ(n))
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Algorithm
1 Take p and q large prime numbers
2 Compute n = p × qn is called the modulus and it is publicIts length denotes the key length
3 Compute ϕ(n) = (p − 1)(q − 1)ϕ is Euler’s totient function.
4 Choose e, s.t. 1 < e < ϕ(n) and gcd(e, ϕ(n)) = 1e is released as public exponent
5 Compute d as d−1 ≡ e(modϕ(n)) ord × e ≡ 1(modϕ(n))
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Algorithm
1 Take p and q large prime numbers
2 Compute n = p × q
n is called the modulus and it is publicIts length denotes the key length
3 Compute ϕ(n) = (p − 1)(q − 1)ϕ is Euler’s totient function.
4 Choose e, s.t. 1 < e < ϕ(n) and gcd(e, ϕ(n)) = 1e is released as public exponent
5 Compute d as d−1 ≡ e(modϕ(n)) ord × e ≡ 1(modϕ(n))
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Algorithm
1 Take p and q large prime numbers
2 Compute n = p × qn is called the modulus and it is public
Its length denotes the key length
3 Compute ϕ(n) = (p − 1)(q − 1)ϕ is Euler’s totient function.
4 Choose e, s.t. 1 < e < ϕ(n) and gcd(e, ϕ(n)) = 1e is released as public exponent
5 Compute d as d−1 ≡ e(modϕ(n)) ord × e ≡ 1(modϕ(n))
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Algorithm
1 Take p and q large prime numbers
2 Compute n = p × qn is called the modulus and it is publicIts length denotes the key length
3 Compute ϕ(n) = (p − 1)(q − 1)ϕ is Euler’s totient function.
4 Choose e, s.t. 1 < e < ϕ(n) and gcd(e, ϕ(n)) = 1e is released as public exponent
5 Compute d as d−1 ≡ e(modϕ(n)) ord × e ≡ 1(modϕ(n))
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Algorithm
1 Take p and q large prime numbers
2 Compute n = p × qn is called the modulus and it is publicIts length denotes the key length
3 Compute ϕ(n) = (p − 1)(q − 1)
ϕ is Euler’s totient function.
4 Choose e, s.t. 1 < e < ϕ(n) and gcd(e, ϕ(n)) = 1e is released as public exponent
5 Compute d as d−1 ≡ e(modϕ(n)) ord × e ≡ 1(modϕ(n))
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Algorithm
1 Take p and q large prime numbers
2 Compute n = p × qn is called the modulus and it is publicIts length denotes the key length
3 Compute ϕ(n) = (p − 1)(q − 1)ϕ is Euler’s totient function.
4 Choose e, s.t. 1 < e < ϕ(n) and gcd(e, ϕ(n)) = 1e is released as public exponent
5 Compute d as d−1 ≡ e(modϕ(n)) ord × e ≡ 1(modϕ(n))
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Algorithm
1 Take p and q large prime numbers
2 Compute n = p × qn is called the modulus and it is publicIts length denotes the key length
3 Compute ϕ(n) = (p − 1)(q − 1)ϕ is Euler’s totient function.
4 Choose e, s.t. 1 < e < ϕ(n) and gcd(e, ϕ(n)) = 1
e is released as public exponent
5 Compute d as d−1 ≡ e(modϕ(n)) ord × e ≡ 1(modϕ(n))
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Algorithm
1 Take p and q large prime numbers
2 Compute n = p × qn is called the modulus and it is publicIts length denotes the key length
3 Compute ϕ(n) = (p − 1)(q − 1)ϕ is Euler’s totient function.
4 Choose e, s.t. 1 < e < ϕ(n) and gcd(e, ϕ(n)) = 1e is released as public exponent
5 Compute d as d−1 ≡ e(modϕ(n)) ord × e ≡ 1(modϕ(n))
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Algorithm
1 Take p and q large prime numbers
2 Compute n = p × qn is called the modulus and it is publicIts length denotes the key length
3 Compute ϕ(n) = (p − 1)(q − 1)ϕ is Euler’s totient function.
4 Choose e, s.t. 1 < e < ϕ(n) and gcd(e, ϕ(n)) = 1e is released as public exponent
5 Compute d as d−1 ≡ e(modϕ(n))
ord × e ≡ 1(modϕ(n))
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Algorithm
1 Take p and q large prime numbers
2 Compute n = p × qn is called the modulus and it is publicIts length denotes the key length
3 Compute ϕ(n) = (p − 1)(q − 1)ϕ is Euler’s totient function.
4 Choose e, s.t. 1 < e < ϕ(n) and gcd(e, ϕ(n)) = 1e is released as public exponent
5 Compute d as d−1 ≡ e(modϕ(n)) or
d × e ≡ 1(modϕ(n))
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Algorithm
1 Take p and q large prime numbers
2 Compute n = p × qn is called the modulus and it is publicIts length denotes the key length
3 Compute ϕ(n) = (p − 1)(q − 1)ϕ is Euler’s totient function.
4 Choose e, s.t. 1 < e < ϕ(n) and gcd(e, ϕ(n)) = 1e is released as public exponent
5 Compute d as d−1 ≡ e(modϕ(n)) ord × e ≡ 1(modϕ(n))
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Computing d
Let x = ϕ(n) + 1.If x divides e → d = x/eelse x becomes x + ϕ(n)repeat
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Example
Suppose p = 17 and q = 23.
Then n (modulus) = 391ϕ(n) = (16× 22) = 352Let’s choose e = 3.d = 1(modϕ(n))
e= 235.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Example
Suppose p = 17 and q = 23.Then n (modulus) = 391
ϕ(n) = (16× 22) = 352Let’s choose e = 3.d = 1(modϕ(n))
e= 235.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Example
Suppose p = 17 and q = 23.Then n (modulus) = 391ϕ(n) = (16× 22) = 352
Let’s choose e = 3.d = 1(modϕ(n))
e= 235.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Example
Suppose p = 17 and q = 23.Then n (modulus) = 391ϕ(n) = (16× 22) = 352Let’s choose e = 3.
d = 1(modϕ(n))e
= 235.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Example
Suppose p = 17 and q = 23.Then n (modulus) = 391ϕ(n) = (16× 22) = 352Let’s choose e = 3.d = 1(modϕ(n))
e= 235.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Scenario
Traian wants to communicate with Angela via RSA encryptedmessages.Both of them generate a RSA key-pair.Traian gives to Angela his public key, and Angela gives toTraian hers.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Encryption
Angela wants to send Traian the message M .
The message is turned into an integer m, 0 ≤ m < n.based on a padding schemeAngela computes c = me(modn) (e from Traian’s public key,and sends this to Traian.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Encryption
Angela wants to send Traian the message M .The message is turned into an integer m, 0 ≤ m < n.based on a padding schemeAngela computes c = me(modn) (e from Traian’s public key,and sends this to Traian.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Decryption
Traian can recover the message with the formulam = cd(modn).Reverse the padding scheme to get the message.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Tricks
For encryption, exponentiation by squaring can save a lotof time.
For decryption, the Chinese remainder algorithm can beused.This algorithm stores in the private key severalprecomputed values (dP , dQ , qinv ).
dP = d(modp − 1)
dQ = d(modq − 1)
qinv = q−1(modp)
m1 = cdP (modp);m2 = cdQ (modq);
h = qinv (m1−m2)(modp)
m = m2 + hq
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
TricksFor encryption, exponentiation by squaring can save a lotof time.
For decryption, the Chinese remainder algorithm can beused.This algorithm stores in the private key severalprecomputed values (dP , dQ , qinv ).
dP = d(modp − 1)
dQ = d(modq − 1)
qinv = q−1(modp)
m1 = cdP (modp);m2 = cdQ (modq);
h = qinv (m1−m2)(modp)
m = m2 + hq
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
TricksFor encryption, exponentiation by squaring can save a lotof time.
For decryption, the Chinese remainder algorithm can beused.
This algorithm stores in the private key severalprecomputed values (dP , dQ , qinv ).
dP = d(modp − 1)
dQ = d(modq − 1)
qinv = q−1(modp)
m1 = cdP (modp);m2 = cdQ (modq);
h = qinv (m1−m2)(modp)
m = m2 + hq
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
TricksFor encryption, exponentiation by squaring can save a lotof time.
For decryption, the Chinese remainder algorithm can beused.This algorithm stores in the private key severalprecomputed values (dP , dQ , qinv ).
dP = d(modp − 1)
dQ = d(modq − 1)
qinv = q−1(modp)
m1 = cdP (modp);m2 = cdQ (modq);
h = qinv (m1−m2)(modp)
m = m2 + hq
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
TricksFor encryption, exponentiation by squaring can save a lotof time.
For decryption, the Chinese remainder algorithm can beused.This algorithm stores in the private key severalprecomputed values (dP , dQ , qinv ).
dP = d(modp − 1)
dQ = d(modq − 1)
qinv = q−1(modp)
m1 = cdP (modp);m2 = cdQ (modq);
h = qinv (m1−m2)(modp)
m = m2 + hq
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
TricksFor encryption, exponentiation by squaring can save a lotof time.
For decryption, the Chinese remainder algorithm can beused.This algorithm stores in the private key severalprecomputed values (dP , dQ , qinv ).
dP = d(modp − 1)
dQ = d(modq − 1)
qinv = q−1(modp)
m1 = cdP (modp);m2 = cdQ (modq);
h = qinv (m1−m2)(modp)
m = m2 + hq
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
TricksFor encryption, exponentiation by squaring can save a lotof time.
For decryption, the Chinese remainder algorithm can beused.This algorithm stores in the private key severalprecomputed values (dP , dQ , qinv ).
dP = d(modp − 1)
dQ = d(modq − 1)
qinv = q−1(modp)
m1 = cdP (modp);m2 = cdQ (modq);
h = qinv (m1−m2)(modp)
m = m2 + hq
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
TricksFor encryption, exponentiation by squaring can save a lotof time.
For decryption, the Chinese remainder algorithm can beused.This algorithm stores in the private key severalprecomputed values (dP , dQ , qinv ).
dP = d(modp − 1)
dQ = d(modq − 1)
qinv = q−1(modp)
m1 = cdP (modp);m2 = cdQ (modq);
h = qinv (m1−m2)(modp)
m = m2 + hq
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
TricksFor encryption, exponentiation by squaring can save a lotof time.
For decryption, the Chinese remainder algorithm can beused.This algorithm stores in the private key severalprecomputed values (dP , dQ , qinv ).
dP = d(modp − 1)
dQ = d(modq − 1)
qinv = q−1(modp)
m1 = cdP (modp);m2 = cdQ (modq);
h = qinv (m1−m2)(modp)
m = m2 + hq
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Fermat’s little theorem
Theorem
Let p be a prime number∀a - integer number, ap − a is multiple of p.
ap ≡ a(modp)If a is not divisible by p, thenap−1 ≡ 1(modp).
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Fermat’s little theorem
Theorem
Let p be a prime number∀a - integer number, ap − a is multiple of p.ap ≡ a(modp)
If a is not divisible by p, thenap−1 ≡ 1(modp).
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Fermat’s little theorem
Theorem
Let p be a prime number∀a - integer number, ap − a is multiple of p.ap ≡ a(modp)If a is not divisible by p, then
ap−1 ≡ 1(modp).
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Fermat’s little theorem
Theorem
Let p be a prime number∀a - integer number, ap − a is multiple of p.ap ≡ a(modp)If a is not divisible by p, thenap−1 ≡ 1(modp).
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Fermat’s little theorem generalization
Theorem
If p is prime and m and n are positive integers s.t.
m ≡ n(modϕ(p)), then ∀a, we have am ≡ an(modp).
m = b(p − 1) + nam = ab(p−1) × an ≡ 1b × an ≡ an(modp)
q.e.d.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Fermat’s little theorem generalization
Theorem
If p is prime and m and n are positive integers s.t.m ≡ n(modϕ(p)),
then ∀a, we have am ≡ an(modp).
m = b(p − 1) + nam = ab(p−1) × an ≡ 1b × an ≡ an(modp)
q.e.d.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Fermat’s little theorem generalization
Theorem
If p is prime and m and n are positive integers s.t.m ≡ n(modϕ(p)), then ∀a, we have am ≡ an(modp).
m = b(p − 1) + nam = ab(p−1) × an ≡ 1b × an ≡ an(modp)
q.e.d.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Fermat’s little theorem generalization
Theorem
If p is prime and m and n are positive integers s.t.m ≡ n(modϕ(p)), then ∀a, we have am ≡ an(modp).
m = b(p − 1) + n
am = ab(p−1) × an ≡ 1b × an ≡ an(modp)
q.e.d.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Fermat’s little theorem generalization
Theorem
If p is prime and m and n are positive integers s.t.m ≡ n(modϕ(p)), then ∀a, we have am ≡ an(modp).
m = b(p − 1) + nam = ab(p−1) × an ≡ 1b × an ≡ an(modp)
q.e.d.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Fermat’s little theorem generalization
Theorem
If p is prime and m and n are positive integers s.t.m ≡ n(modϕ(p)), then ∀a, we have am ≡ an(modp).
m = b(p − 1) + nam = ab(p−1) × an ≡ 1b × an ≡ an(modp)
q.e.d.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Security
Integer factorization and the RSA problem:The task of taking eth roots modulo a composite n,recovering m, s.t. c ≡ me(modn). For now, the mostpromising approach is to factorize n
Faulty key generation:p and q should not be to close.if p − q < 2n1/4(3× 1077) - for a 1024-bit key, Fermatfactorization will make it trivial.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Security
Integer factorization and the RSA problem:
The task of taking eth roots modulo a composite n,recovering m, s.t. c ≡ me(modn). For now, the mostpromising approach is to factorize n
Faulty key generation:p and q should not be to close.if p − q < 2n1/4(3× 1077) - for a 1024-bit key, Fermatfactorization will make it trivial.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Security
Integer factorization and the RSA problem:The task of taking eth roots modulo a composite n,recovering m, s.t. c ≡ me(modn).
For now, the mostpromising approach is to factorize n
Faulty key generation:p and q should not be to close.if p − q < 2n1/4(3× 1077) - for a 1024-bit key, Fermatfactorization will make it trivial.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Security
Integer factorization and the RSA problem:The task of taking eth roots modulo a composite n,recovering m, s.t. c ≡ me(modn). For now, the mostpromising approach is to factorize n
Faulty key generation:p and q should not be to close.if p − q < 2n1/4(3× 1077) - for a 1024-bit key, Fermatfactorization will make it trivial.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Security
Integer factorization and the RSA problem:The task of taking eth roots modulo a composite n,recovering m, s.t. c ≡ me(modn). For now, the mostpromising approach is to factorize n
Faulty key generation:
p and q should not be to close.if p − q < 2n1/4(3× 1077) - for a 1024-bit key, Fermatfactorization will make it trivial.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Security
Integer factorization and the RSA problem:The task of taking eth roots modulo a composite n,recovering m, s.t. c ≡ me(modn). For now, the mostpromising approach is to factorize n
Faulty key generation:p and q should not be to close.
if p − q < 2n1/4(3× 1077) - for a 1024-bit key, Fermatfactorization will make it trivial.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Security
Integer factorization and the RSA problem:The task of taking eth roots modulo a composite n,recovering m, s.t. c ≡ me(modn). For now, the mostpromising approach is to factorize n
Faulty key generation:p and q should not be to close.if p − q < 2n1/4(3× 1077) - for a 1024-bit key, Fermatfactorization will make it trivial.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Strong number generator
p and q should be generated using a properly seeded withadequate entropy random generator. This can be done seedingthe RNG with:
key stroke timings
electronic diode noise
atmospheric noise from a radio receiver tuned betweenstations.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Breaking the RSA
Several RSA moduli have been factored:
RSA-768 (232 decimal digits) - 2009, December.RSA-704 (212 decimal digits) - 2012, July.
Prizes for breaking the keys:RSA-896 → $75, 000RSA-1024 → $100, 000RSA-1536 → $150, 000RSA-2048 → $200, 000. - not really possible in nearfuture.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Breaking the RSA
Several RSA moduli have been factored:RSA-768 (232 decimal digits) - 2009, December.
RSA-704 (212 decimal digits) - 2012, July.
Prizes for breaking the keys:RSA-896 → $75, 000RSA-1024 → $100, 000RSA-1536 → $150, 000RSA-2048 → $200, 000. - not really possible in nearfuture.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Breaking the RSA
Several RSA moduli have been factored:RSA-768 (232 decimal digits) - 2009, December.RSA-704 (212 decimal digits) - 2012, July.
Prizes for breaking the keys:RSA-896 → $75, 000RSA-1024 → $100, 000RSA-1536 → $150, 000RSA-2048 → $200, 000. - not really possible in nearfuture.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Breaking the RSA
Several RSA moduli have been factored:RSA-768 (232 decimal digits) - 2009, December.RSA-704 (212 decimal digits) - 2012, July.
Prizes for breaking the keys:
RSA-896 → $75, 000RSA-1024 → $100, 000RSA-1536 → $150, 000RSA-2048 → $200, 000. - not really possible in nearfuture.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Breaking the RSA
Several RSA moduli have been factored:RSA-768 (232 decimal digits) - 2009, December.RSA-704 (212 decimal digits) - 2012, July.
Prizes for breaking the keys:RSA-896 → $75, 000
RSA-1024 → $100, 000RSA-1536 → $150, 000RSA-2048 → $200, 000. - not really possible in nearfuture.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Breaking the RSA
Several RSA moduli have been factored:RSA-768 (232 decimal digits) - 2009, December.RSA-704 (212 decimal digits) - 2012, July.
Prizes for breaking the keys:RSA-896 → $75, 000RSA-1024 → $100, 000
RSA-1536 → $150, 000RSA-2048 → $200, 000. - not really possible in nearfuture.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Breaking the RSA
Several RSA moduli have been factored:RSA-768 (232 decimal digits) - 2009, December.RSA-704 (212 decimal digits) - 2012, July.
Prizes for breaking the keys:RSA-896 → $75, 000RSA-1024 → $100, 000RSA-1536 → $150, 000
RSA-2048 → $200, 000. - not really possible in nearfuture.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Breaking the RSA
Several RSA moduli have been factored:RSA-768 (232 decimal digits) - 2009, December.RSA-704 (212 decimal digits) - 2012, July.
Prizes for breaking the keys:RSA-896 → $75, 000RSA-1024 → $100, 000RSA-1536 → $150, 000RSA-2048 → $200, 000. - not really possible in nearfuture.
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Introduction Algorithm Usage Correctness Security
Thank you!
Questions?
Adrian Spataru Department of Computer Science, West University of Timisoara
RSA algorithm
Related Documents
