y first, followed by public key
Result is the same!
Ciphertext block can be as big as the key length
=> digital signature can be as big as the key length

How secure is RSA?
Brute force attack: try all possible keys – the larger the value of d, the more secure
The larger the key, the slower the system
Alternatively, one can break RSA by finding p and q, and thus d, by knowing n and e
However, for large n with large prime factors, factoring is a hard problem
A 428-bit key was cracked in 1994; $100
Currently a 1024-bit key size (no. of bits in n) is considered strong enough, for now
http://www.rsasecurity.com/rsalabs/node.asp?id=2218

$100 RSA Scientific American Challenge
Martin Gardner publishes Scientific American column about RSA in August ’77, including the RSA $100 challenge (129 digits, or about 430-bit n) and the infamous “40 quadrillion = 40*10^15 years” estimate required to factor
RSA129 =
114,381,625,757,888,867,669,235,779,976,146,612,010,218,296,
721,242,362,562,561,842,935,706,935,245,733,897,830,597,123,
563,958,705,058,989,075,147,599,290,026,879,543,541
(129 digits) or to decode encrypted message.
RSA129 was factored in 1994, using thousands of computers on the Internet, using 5000 MIPS-years (1 GHz Pentium PC ~= 250 MIPS)
“The magic words are squeamish ossifrage.”
Cheapest purchase of computing time ever!
Gives credibility to difficulty of factoring, and helps establish key sizes needed for security.

Other Factoring milestones
’84: 69D (D = “decimal digits”) (Sandia; Time magazine)
’91: 100D = 332 bits (using Quadratic Sieve techniques)
’94: 129D = 428 bits ($100 challenge number) (Distributed QS, 8 months, 5000 MIPS-year); [Ref: 1 GHz Pentium PC ~= 250 MIPS]
’99: 155D = 512 bits (Generalized Number Field Sieve techniques, 2 months and 10 days, 8000 MIPS-year)
512-bit RSA backdoor in Quicken files for recovery service by Intuit; Elcomsoft is able to offer a competitive service => cracked!
’01: 15 = 3 * 5 (4 bits; IBM quantum computer!)
Dec. 2003: 576-bit cracked
Nov. 2005: 640-bit cracked
Dec. 2009: 768-bit cracked
See http://www.rsasecurity.com/rsalabs/node.asp?id=2093 for the remaining bounty!!

Recommended Key Sizes for RSA
Old Standard:
Individual users: 512 bits (155 decimal digits)
New Standard:
Short term protection: 1024 bits (308 decimal digits)
Long term protection: 2048 bits (616 decimal digits)
Ref: No. of operations required to crack 512-bit RSA with best known attack = 1/50 * N_DES, where N_DES is the no. of operations required to crack 56-bit DES by brute-force key enumeration

Implementation Aspects of RSA
How to find the big primes p and q?
Generate random numbers and test for their primality using known testing algorithms
How many times (numbers) does one need to try before finding a prime no.?
For a randomly chosen no. N, the probability of it being prime ~= 1/ln N; => need to try ln N times on averag...
This note was uploaded on 04/15/2013 for the course IE IERG4130 taught by Professor Zhangkehuan during the Spring '13 term at CUHK.