L03_publickeycrypto

dec 2003 576 bit cracked nov 2005 640 bit cracked

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: PS-year) techniques, ’01: 15 = 3 * 5 (4 bits; IBM quantum computer!) Dec 2003: 576-bit cracked Nov. 2005: 640-bit cracked See http://www.rsasecurity.com/rsalabs/node.asp?id=2093 for See http://www.rsasecurity.com/rsalabs/node.asp?id=2093 the remaining bounty !! the Recommended Key Sizes for RSA Old Standard: Individual users: 512 bits (155 decimal digits) New Standard: Individual users: 768 bits (231 decimal digits) Organizations (short term): 1024-bits (308 decimal digits) Organizations (long term): 2048-bits (616 decimal digits) Ref: No. of operations required to crack 512-bit RSA with best Ref: known attack = 1/50 * NDES known where NDES is the no. of operations required to crack 56-bit DES by DES brute-force key-enumeration brute-force Implementation Aspects of RSA How to find the big primes p and q ? Generate random numbers and test for their primality using Generate known testing algorithms known How many times (numbers) one need to try before finding a How prime no. ? For a randomly chosen no. N, the probability of it being For prime ~= 1/ ln N ; => need to try ln N times on average prime For a 100-digit number, one 1 in 230 chance. e can be fixed to some constant value without decreasing security ; e is commonly set to 3 or 65537 = 216+1 in practice to speed up +1 encryption: m e mod n ; one can compute m 65537 quickly as well quickly Once e is fixed, d can be found using the Euclid’s Algorithm Once fixed can Breaking News: (Feb 15, 2012): Implementation Flaws in RSA Breaking random key generations random http://www.nytimes.com/2012/02/15/technology/researchers-find-flaw-in- Some arcane Attacks on RSA Guessing plaintext attack: if the attackers know the candidate set of plaintexts to Guessing be sent (with exact wordings), the attacker can encrypt each of the possible choice using the recipient’s public key and compare them to the actual ciphertext sent ; Chosen ciphertext attack: don’t sign arbitrary messages sent by others because Chosen signing is equivale...
View Full Document

This note was uploaded on 12/05/2013 for the course IERG 4130 taught by Professor Chowsze-ming,sherman during the Fall '13 term at CUHK.

Ask a homework question - tutors are online