RSA Security Issues

Source: Internet
Author: User
Tags square root

Encryption: C=me (mod n)

Decryption: M=CD (mod n)

Security Basics:

Brute-lifting method attack:

1. Attackers design a m,c=me (mod n)

The number of 2.d is at most n-1, try to use each d crack, if M ' =CD ' (mod n) =m,d ' is the solution

3. Set the P,Q to 100 bits (decimal), then n-1 about 200 bits (decimal) n=10200

4. Assuming that you can do 100 million searches per second (108), you can search for 108*60*60*24*365=3*1015 each year

10,200 keys are searched for 100200/(3*1015) =3*1015=10184 years

The calculation is not feasible.

Analyzing the RSA lock structure

D=e-1mod (φ (n)) is de=1 mod (φ (n))

The problem is: known e,φ (n) unknown, seeking D

if φ (n) knows, then it's easy to ask D.

Problem changed to: n Known, φ (n)

Method 1: Direct, when n is large, calculate φ (n) is difficult, not feasible

Method 2: Using N=PQ, (P,q is prime), Φ (n) = (p-1) (q-1) calculation is easy

Problem becomes: N, N=PQ, (P,q is prime) the prime decomposition problem of the number

The complexity of the decomposition of the element factor:

The time complexity of the currently fastest factorization method is exp (sqrt (ln n lnln N))

2007 3 Institutions (EPFL, Bonn University, Japan Telephone and telegraph Company) designed computer clusters successfully decomposed 307-bit decimal number 21039-1

So RSA's security relies on the difficulty of decomposing large numbers? Mathematically, it has not been proved that only a large number of n can be decomposed to calculate m (i.e. RSA's security and large number decomposition equivalence) from C and E. So the above statement is only a hypothesis, but so far it has failed to prove its error.

Even if the RSA algorithm cannot be effectively cracked, there are other ways to attack the protocol.

A eavesdropping on B's communication, get C=me MoD n,a goal is to solve the M

1.A Choose an R, calculate x=re mod n (ie r=xd mod n)

2. Calculate Y=XC mod n

3. Calculate T=R-1 mod n

4.A let B sign on y, u=yd mod n

5.A calculation tu mod n=r-1yd mod n

=R-1XD CD mod n

=r-1red CD mod n

=CD mod n = m

The problem appears in B to sign the unknown information.

How to solve: from the algorithm can not be solved, the main measure is to adopt a good public key protocol

1. The entity does not easily decrypt the information generated by other entities in the course of the work, and does not sign the information without knowing it.

2. The document is hashed first when a random document is signed for another entity

There are some other questions:

1. If P,q is closer

2. The system uses a common modulus, n has been unchanged

Such a system is mathematically proven to be more easily cracked.

Find the right prime number:

1. The Mantissa division, take a number p, with 2 to the square root of the number of each prime number removed, if not divisible, the number is prime.

2.Fermat method

3.Lehmann test method

4.miller-rabin test method

...

RSA Security Issues

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.