by public key
Result is the same!
Ciphertext block can be as big as the key-length
=> digital signature can be as big as the key-length

How secure is RSA ?
Brute force attack: try all possible keys – the larger the value of d the more secure
The larger the key, the slower the system
Alternatively, one can break RSA by finding p and q, and thus d, by knowing n and e
However, for large n with large prime factors, factoring is a hard problem
Cracked in 1994 a 428 bit key; $100
Currently 1024-bit key size (no. of bits in n ) is considered strong enough, for now
http://

$100 RSA Scientific American Challenge
Martin Gardner publishes Scientific American column about RSA in August ’77, including the RSA $100 challenge (129 digit, or about 430-bit n ) and the infamous “40 quadrillion = 40*10^15 years” estimate required to factor RSA-129 = (129 digits) or to decode encrypted message.
RSA-129 was factored in 1994, using thousands of computers on Internet, using 5000 MIPS-years (1GHz Pentium PC ~= 250 MIPS)
“The magic words are squeamish ossifrage.”
Cheapest purchase of computing time ever!
Gives credibility to difficulty of factoring, and helps establish key sizes needed for security.

Other Factoring milestones
’84: 69D (D = “decimal digits”) (Sandia; Time magazine)
’91: 100D = 332 bits (using Quadratic Sieve techniques)
’94: 129D = 428 bits ($100 challenge number) (Distributed QS, 8 months, 5000 MIPS-year) ; [ Ref: 1GHz Pentium PC ~= 250
’99: 155D = 512 bits; (Generalized Number Field Sieve techniques, 2 months and 10 days, 8000 MIPS-year)
512-bit RSA Backdoor in Quicken files for recovery service by Intuit ; Elcomsoft is able to offer a competitive service =>
’01: 15 = 3 * 5 (4 bits; IBM quantum computer!)
Dec 2003: 576-bit cracked
Nov. 2005: 640-bit cracked
Dec. 2009: 768-bit cracked
See http://www.rsasecurity.com/rsalabs/node.asp?id=2093 for the remaining bounty !!

Recommended Key Sizes for RSA
Old Standard:
Individual users: 512 bits (155 decimal digits)
New Standard:
Short term protection: 1024-bits (308 decimal digits)
Long term protection: 2048-bits (616 decimal digits)
Ref: No. of operations required to crack 512-bit RSA with best known attack = 1/50 * NDES
where NDES is the no. of operations required to crack 56-bit DES by brute-force key-enumeration

Implementation Aspects of RSA
How to find the big primes p and q ?
Generate random numbers and test for their primality using known testing algorithms
How many times (numbers) does one need to try before finding a prime no. ?
For a randomly chosen no. N, the probability of it being prime ~= 1/ ln N ; => need to try ln N times on averag...
This note was uploaded on 04/15/2013 for the course IE IERG4130 taught by Professor Zhangkehuan during the Spring '13 term at CUHK.