












Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
An in-depth exploration of rsa, a public key cryptosystem used for secure data transmission. Topics include the rsa algorithm's genesis, operation, and security, the concept of a trap-door one-way function, and the differences between professional and amateur approaches to designing ciphers. The document also includes the original rsa challenge and discussions on euler's totient function and euler's theorem.
Typology: Study notes
1 / 20
This page cannot be seen from the preview
Don't miss anything!













Network
Encryption Decryption
Trap-door one-way function
Professional (NSA) vs. amateur (academic) approach to designing ciphers
RSA keys
{ e, N } (^) { d, P, Q }
N = P ⋅ Q
e ⋅ d ≡ 1 mod ((P-1)(Q-1))
P, Q - large prime numbers
Why does RSA work? (1)
Euler’s totient (phi) function (1)
Relatively prime with P: 1, 2, 3, …, P-
Relatively prime with N: {1, 2, 3, …, P⋅Q-1} – {P, 2P, 3P, …, (Q-1)P}
Euler’s totient (phi) function (2)
Relatively prime with N: {1, 2, 3, … , P^2 -1} – {P, 2P, 3P, … , (P-1)P}
ϕ(N) = ∏ Piei-1^ ⋅ (Pi-1) i=
t
Euler’s Theorem - Justification (2)
x 1 ⋅x 2 ⋅x 3 ⋅x 4 ≡ (a⋅x 1 )⋅ (a⋅x 2 )⋅(a⋅x 3 )⋅(a⋅x 4 ) mod N
x 1 ⋅x 2 ⋅x 3 ⋅x 4 ≡ a^4 ⋅ x 1 ⋅x 2 ⋅x 3 ⋅x 4 mod N
a^4 ≡ 1 (mod N)
∏ i=
ϕ(N) xi ≡^ ∏ i=
ϕ(N) a ⋅ xi (mod N)
∏ i=
ϕ(N) xi ≡^ aϕ(N)^ ⋅^ ∏ i=
ϕ(N) xi (mod N)
a ϕ(N)^ ≡ 1 (mod N)
Why does RSA work? (2)
e ⋅ d ≡ 1 mod ϕ(N) e ⋅ d = 1 + k⋅ϕ(N)
Rivest estimation - 1977
The best known algorithm for factoring a 129-digit number requires:
40 000 trilion years = 40 · 10^15 years
assuming the use of a supercomputer being able to perform
1 multiplication of 129 decimal digit numbers in 1 ns
Estimated age of the universe: 100 bln years = 10^11 years
Early records in factoring large numbers
Years
Number of decimal digits
Number of bits
Required computational power (in MIPS-years)
1974
1984
1991
1992
1993
45
71
100
110
120
149
235
332
365
398
7
75
830
Breaking RSA-
from Cray C90, through 16 MHz PC, to fax machines
Results of cryptanalysis:
“The magic words are squeamish ossifrage”
An award of 100 $ donated to Free Software Foundation
Elements affecting the progress
in factoring large numbers
x better algorithms
1977-1993 increase of about 1500 times
Internet
Factoring methods
QS - Quadratic Sieve
GNFS - General Number Field Sieve
ECM - Elliptic Curve Method
Time of factoring depends only on the size of N
Time of factoring is much shorter if N or factors of N are of the special form
Pollard’ s p-1 method
Cyclotomic polynomial method
SNFS - Special Number Field Sieve
Continued Fraction Method (historical)
Running time of factoring algorithms
Lq[α, c] = exp ((c+ o (1))·(ln q)α·(ln ln q)1-^ α)
For D = Lq[0, c] = (ln q)(c+o(1))
Algorithm polynomial as a function of the number of bits of q
For D = Lq[1, c] = exp((c+ o (1))·(ln q))
Algorithm exponential as a function of the number of bits of q
For 0 < D < 1 Algorithm^ subexponential as a function of the number of bits of q
f (n) = o (1) if for any positive constant c >0 there exist a constant n 0 >0, such that 0 ≤ f (n) < c, for all n ≥ n 0
Factoring 512-bit number
TWINKLE
“The Weizmann INstitute Key Locating Engine”
Recommended key sizes for RSA
Old standard:
New standard:
Individual users
Individual users
Organizations (short term)
Organizations (long term)
512 bits (155 decimal digits)
768 bits (231 decimal digits)
1024 bits (308 decimal digits)
2048 bits (616 decimal digits)
Keylengths in public key cryptosystems that provide the same level of security as AES and other secret-key ciphers
Arjen K. Lenstra, Eric R. Verheul
„ Selecting Cryptographic Key Sizes ”
Journal of Cryptology
Arjen K. Lenstra „Unbelievable Security: Matching AES Security Using Public Key Systems ” ASIACRYPT’ 2001
year
Keylengths in RSA providing the same level of security as selected secret-key cryptosystems
March 2002, Financial Cryptography Conference
Nicko van Someren, CTO nCipher Inc. announced that his company developed software capable of breaking 512-bit RSA key within 6 weeks using computers available in a single office
Practical progress in factorization
Bernstein’s Machine (1)
http://cr.yp.to/papers.html#nfscircuit
costing $ 1 bilion is able to break 1024-bit RSA within several minuts
Bernstein’s Machine (2)
Bernstein’s Machine (5)
RSA keylength that can be broken using Bernstein’s machine
Computational cost = time [days] * memory [$]
RSA key lengths that can be broken using classical computers
3
infinity
$ 1 bln1 day $ 1000 bln1 day**
Bernstein’s Machine (6)
RSA Challange
Estimation of RSA Security Inc. regarding
the number and memory of PCs
necessary to break RSA-
Attack time: 1 year
Single machine: PC, 500 MHz, 170 GB RAM
Number of machines: 342,000,