azeemjiva rsa

Document Sample

```					A Creative Way of Breaking
RSA

Azeem Jiva
Overview
●   What is RSA?
–   Public Key Algorithm
–   Is it secure?
●   Ways to break RSA
–   Discover the Public Key
–   Number Field Sieve
What is RSA?
●   RSA is named after its Inventors
●   Public Key Algorithm
●   Variable Key Length
–   512bits, 1024bits are most common
–   2048bits, 4096bits are extreme
●   Variable Plaintext Length
●   Ciphertext Length same as Key Length
●   RSA is slow, used mostly to encrypt second
key
Definitions
●   Relative Prime
–   No common divisors except for 1
–   Sometimes called Coprime and Strangers [2]
–   e.g. 3 and 5
●   Multiplicative Inverse
–   Number which multiplied by another number
gives you one [3]
How RSA Works
●   Need Public and Private Key
–   Don't tell anyone the Private Key!
●   To create Public Key need two large primes
–   P and Q; 256bits each
–   Multiply them together, result is N
–   ø(N)=(P-1)(Q-1)
–   Find E relative prime to ø(N)
–   Public Key is (E,N)
Private Key and Encryption
●   Need to find multiplicative inverse of:
–   D = E mod ø(N)
●   Private Key is (D, N)
●   Now you can encrypt
–   Ciphertext c = ME mod N
●   And decrypt
–   M = CD mod N
●   And sign messages
–   S = MD mod N
Is RSA Secure?
●   Fundamental Tenent of Cryptography
●   Difficult to factor, but there are other ways
–   “Wait”/”Attack”
●   RSA-155 (512bits) was broken in 7 months
[1]
–   Took 8700 MIPS years
●   Estimated time till factored [1]
–   768bits – 2010
–   1024bits – 2018
Breaking RSA
–   Previous way
●   Number Field Sieve
–   Currently the fastest way
–   O{exp[c(log n)1/3 (log log n)2/3]}
–   Can be parallelized on multiple machines
–   Interesting work by Dan Bernstein
●   http://cr.yp.to/papers/nfscircuit.ps
Number Field Sieve
●   Four main steps
–   Polynomial Selection
–   Sieving
–   Linear Algebra
–   Square Root
●   The Sieving is the most time consuming
Polynomial Selection
●   Select two irreducible polynomials (Primes)
–   F1(x)
–   F2(x)
●   They have a common root
–   M mod N
Sieving
●   Finds two numbers that are relatively prime
–   GCD(a,b) = 1
●   Both numbers are smooth over factor bases
–   B deg(f1) f1 (a/b)
–   B deg(f2) f2 (a/b)
●   These two numbers are “relations”
●   Find as many of these “relations” so that
several subsets S with property             X2
≡ Y2 (mod n) can be found
Linear Algebra
●   Filters the results from Sieving
–   Remove duplicates
–   Remove relations that do not occur anywhere
else
–   Certain relations are merged
●   Eliminate primes and prime ideals which occur exactly
k times in k situations
–   Use a Lanczos Algorithm
●   Most time consuming of Linear Algebra Step
Square Root
●   Computes Square Roots
–   a is the root of a polynomial f1(x), f2(x)
–   a – ba have smooth norms
–   Cardinality of S is in the millions
Projects
●   NFS Net
–   http://www.iaeste.dk/~henrik/projects/nfsnet.html
●   Lattice Siever
Factoring Records
References
●   Factorization of a 512-bit Modulus, Cavallar, etc
●   mathworld.wolfram.com/RelativelyPrime.html
●   www.mathnstuff.com/math/spoken/here/1words/m/m31.htm
●   www.cs.sjsu.edu/~stamp/SecurityEngineering/chapter5/knapsack.html

```
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
 views: 0 posted: 9/29/2012 language: Unknown pages: 16