RSA Security Issues

Encryption: C=me (mod n)

Decryption: M=CD (mod n)

Security Basics:

Brute-lifting method attack:

1. Attackers design a m,c=me (mod n)

The number of 2.d is at most n-1, try to use each d crack, if M ' =CD ' (mod n) =m,d ' is the solution

3. Set the P,Q to 100 bits (decimal), then n-1 about 200 bits (decimal) n=10200

4. Assuming that you can do 100 million searches per second (108), you can search for 108*60*60*24*365=3*1015 each year

10,200 keys are searched for 100200/(3*1015) =3*1015=10184 years

The calculation is not feasible.

Analyzing the RSA lock structure

D=e-1mod (φ (n)) is de=1 mod (φ (n))

The problem is: known e,φ (n) unknown, seeking D

if φ (n) knows, then it's easy to ask D.

Problem changed to: n Known, φ (n)

Method 1: Direct, when n is large, calculate φ (n) is difficult, not feasible

Method 2: Using N=PQ, (P,q is prime), Φ (n) = (p-1) (q-1) calculation is easy

Problem becomes: N, N=PQ, (P,q is prime) the prime decomposition problem of the number

The complexity of the decomposition of the element factor:

The time complexity of the currently fastest factorization method is exp (sqrt (ln n lnln N))

2007 3 Institutions (EPFL, Bonn University, Japan Telephone and telegraph Company) designed computer clusters successfully decomposed 307-bit decimal number 21039-1

So RSA's security relies on the difficulty of decomposing large numbers? Mathematically, it has not been proved that only a large number of n can be decomposed to calculate m (i.e. RSA's security and large number decomposition equivalence) from C and E. So the above statement is only a hypothesis, but so far it has failed to prove its error.

Even if the RSA algorithm cannot be effectively cracked, there are other ways to attack the protocol.

A eavesdropping on B's communication, get C=me MoD n,a goal is to solve the M

1.A Choose an R, calculate x=re mod n (ie r=xd mod n)

2. Calculate Y=XC mod n

3. Calculate T=R-1 mod n

4.A let B sign on y, u=yd mod n

5.A calculation tu mod n=r-1yd mod n

=R-1XD CD mod n

=r-1red CD mod n

=CD mod n = m

The problem appears in B to sign the unknown information.

How to solve: from the algorithm can not be solved, the main measure is to adopt a good public key protocol

1. The entity does not easily decrypt the information generated by other entities in the course of the work, and does not sign the information without knowing it.

2. The document is hashed first when a random document is signed for another entity

There are some other questions:

1. If P,q is closer

2. The system uses a common modulus, n has been unchanged

Such a system is mathematically proven to be more easily cracked.

Find the right prime number:

1. The Mantissa division, take a number p, with 2 to the square root of the number of each prime number removed, if not divisible, the number is prime.

2.Fermat method

3.Lehmann test method

4.miller-rabin test method

...

RSA Security Issues