04 publickeycrypto

Ciphertext block can be as big as the key length

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: y first, followed by public key Result is the same! Ciphertext block can be as big as the key-length => digital signature can be as big as the key-length How secure is RSA ? Brute force attack: try all possible keys – the larger the value of d the Brute the more secure The larger the key, the slower the system ; The Alternatively, one can break RSA by finding p and q, and thus d by and by knowing n and e and However, for large n with large prime factors, factoring is a hard However, with problem Cracked in 1994 a 428 bit key; $100 Cracked Currently 1024-bit key size (no. of bits in n ) is considered strong Currently is enough, for now for http://www.rsasecurity.com/rsalabs/node.asp?id=2218 http:// $100 RSA Scientific American Challenge Martin Gardner publishes Scientific American column about RSA Martin in August ’77, including the RSA $100 challenge (129 digit , or about 430-bit n ) and the infamous “40 quadrillion = 40*1015 years” years estimate required to factor RSA-129 = RSA 114,381,625,757,888,867,669,235,779,976,146,612,010,218,296, 721,242,362,562,561,842,935,706,935,245,733,897,830,597,123, 563,958,705,058,989,075,147,599,290,026,879,543,541 (129 digits) or to decode encrypted message. or RSA-129 was factored in 1994, using thousands of computers on RSA Internet, using 5000 MIPS-years (1GHz Pentium PC ~= 250 MIPS) “The magic words are squeamish ossifrage.” Cheapest purchase of computing time ever! Cheapest Gives credibility to difficulty of factoring, and helps establish key Gives sizes needed for security. Other Factoring milestones ’84: 69D (D = “decimal digits”) (Sandia; Time magazine) ’91: 100D = 332 bits (using Quadratic Sieve techniques) ’94: 129D = 428 bits ($100 challenge number) (Distributed QS, 8 months, 5000MIPS-year) ; [ Ref: 1GHz Pentium PC ~= 250 MIPS] ’99: 155D = 512 bits; (Generalized Number Field Sieve techniques, 2 months and 10 days, 8000-MIPS-year) 512-bit RSA Backdoor in Quicken files for recovery service 512 by Intuit ; Elcomsoft is able to offer a competitive service => cracked ! ’01: 15 = 3 * 5 (4 bits; IBM quantum computer!) Dec 2003: 576-bit cracked Dec Nov. 2005: 640-bit cracked Nov. Dec. 2009: 768-bit cracked Dec. See http://www.rsasecurity.com/rsalabs/node.asp?id=2093 for See for the remaining bounty !! Recommended Key Sizes for RSA Old Standard: Old Individual users: 512 bits (155 decimal digits) Individual New Standard: New Short term protection: 1024-bits (308 decimal digits) Short Long term protection: 2048-bits (616 decimal digits) Long Ref: No. of operations required to crack 512-bit RSA with best known attack = 1/50 * NDES where NDES is the no. of operations required to crack 56-bit DES by is brute-force key-enumeration Implementation Aspects of RSA How to find the big primes p and q ? How Generate random numbers and test for their primality using Generate known testing algorithms How many times (numbers) one need to try before finding a How prime no. ? For a randomly chosen no. N, the probability of it being For prime ~= 1/ ln N ; => need to try ln N times on averag...
View Full Document

This note was uploaded on 04/15/2013 for the course IE IERG4130 taught by Professor Zhangkehuan during the Spring '13 term at CUHK.

Ask a homework question - tutors are online