This preview shows page 1. Sign up to view the full content.
Unformatted text preview: lowed
by public key
by private key
Result is the same!
Ciphertext block can be as big as the key-length
=> digital signature can be as big as the key-length How secure is RSA ?
Brute force attack: try all possible keys – the larger the value of d the
more The larger the key, the slower the system ;
Alternatively, one can break RSA by finding p and q, and thus d by
knowing n and e
and However, for large n with large prime factors, factoring is a hard
problem Cracked in 1994 a 428 bit key; $100
$100 Currently 1024-bit key size (no. of bits in n ) is considered strong
enough, for now
for http://www.rsasecurity.com/rsalabs/node.asp?id=2218 $100 RSA Scientific American Challenge Martin Gardner publishes Scientific American column about RSA
in August ’77, including the RSA $100 challenge (129 digit , or
about 430-bit n ) and the infamous “40 quadrillion = 40*10 15 years”
estimate required to factor RSA-129 =
(129 digits) or to decode encrypted message. RSA-129 was factored in 1994, using thousands of computers on
Internet, using 5000 MIPS-years (1GHz Pentium PC ~= 250 MIPS)
“The magic words are squeamish ossifrage.” Cheapest purchase of computing time ever! Gives credibility to difficulty of factoring, and helps establish key
sizes needed for security.
sizes Other Factoring milestones ’84: 69D (D = “decimal digits”) (Sandia; Time magazine)
’91: 100D = 332 bits (using Quadratic Sieve techniques)
’94: 129D = 428 bits ($100 challenge number) (Distributed QS,
8 months, 5000MIPS-year) ; [ Ref: 1GHz Pentium PC ~= 250
’99: 155D = 512 bits; (Generalized Number Field Sieve
techniques, 2 months and 10 days, 8000-MI...
View Full Document
- Fall '13