Current location - Quotes Website - Personality signature - Query on rsa encryption algorithm
Query on rsa encryption algorithm
What is RSA?

RSA algorithm is the first algorithm that can be used for both encryption and digital signature, and it is also easy to understand and operate.

RSA is the most widely studied public key algorithm. It has been nearly twenty years since it was put forward, and it has been gradually accepted by people after being tested by various attacks. It is generally considered as one of the best public key schemes at present. The security of RSA depends on the factorization of large numbers, but it has not been proved theoretically that the difficulty of deciphering RSA is equal to the difficulty of factorization of large numbers. In other words, one of RSA's major defects is that it can't grasp its security performance in theory, and most people in cryptography tend to think that factorization is not an NPC problem.

The main disadvantages of RSA are: a) It is very troublesome to generate the key, and it is difficult to achieve one secret at a time due to the limitation of prime number generation technology. B) The packet length is too large. In order to ensure security, n should be at least 600 bits, which makes the operation cost very high, especially the speed is slow, which is several orders of magnitude slower than that of the symmetric cryptographic algorithm; And with the development of large number decomposition technology, this length is still increasing, which is not conducive to the standardization of data formats. At present, Set protocol requires CA to use 2048-bit key, while other entities use 1024-bit key.

This algorithm appears in 1978, which is the first algorithm that can be used for data encryption and digital signature at the same time. Easy to understand and operate, and very popular. The name of the algorithm is named after the inventors: Ron Rivest, AdiShamir and Leonard Adleman.

RSA algorithm is an asymmetric encryption algorithm. The so-called asymmetry means that the algorithm needs a pair of keys. If one is used for encryption and the other is used for decryption.

The algorithm of RSA involves three parameters, n, e 1 and e2.

Where n is the product of two large prime numbers p and q, and the number of bits occupied by the binary representation of n is the so-called key length.

E 1 and e2 are a pair of related values, and e 1 can be taken arbitrarily, provided that e 1 and (p- 1)*(q- 1) are coprime; Select e2 again and ask (E2 * e1) mod ((p-1) * (q-1)) =1.

(n and e 1), (n and e2) are key pairs.

RSA encryption and decryption algorithms are exactly the same. If a is plaintext and b is ciphertext, then: a = a = b e1mod n; ; b=a^e2 mod n;

E 1 and e2 can be used interchangeably, that is:

a=b^e2 mod n; b=a^e 1 mod n;

[Edit this paragraph] I. Security of registry system administrators

The security of RSA depends on the decomposition of large numbers, but whether it is equivalent to the decomposition of large numbers has not been proved theoretically, because it needs to decompose large numbers without proof. Assuming that there is an algorithm that does not need to decompose large numbers, it can definitely be modified into a large number decomposition algorithm. At present, some variant algorithms of RSA have been proved to be equivalent to large number decomposition. In any case, decomposing n is the most obvious attack method. Now, people have been able to decompose large prime numbers with multiple decimal places. Therefore, depending on the specific application, the modulus n must be larger.

[Edit this paragraph] Second, the speed of RSA

Because of the calculation of large numbers, RSA is twice as slow as DES in the fastest case, whether it is implemented by software or hardware. Speed has always been RSA's shortcoming. Generally speaking, it is only used to encrypt a small amount of data.

[Edit this paragraph] III. Selective ciphertext attack of RSA

RSA is vulnerable to selective ciphertext attacks. Generally, attackers will blindly disguise some information and let entities with private keys sign it. Then, it can get the information it wants through calculation. In fact, all attacks take advantage of the same weakness, that is, there is the fact that the power keeps the multiplication structure of the input:

(XM) d = x d * m d model n

As mentioned earlier, this inherent problem comes from the most useful feature of public key cryptosystem-everyone can use the public key. However, this problem cannot be solved algorithmically, and there are two main measures: one is to adopt a good public key protocol to ensure that entities do not decrypt information generated arbitrarily by other entities or sign information they know nothing about; The other is never to sign a document sent by a stranger casually. When signing, first hash the document with a one-way hash function, or

[Edit this paragraph] 4. Modular attack of RSA

If there are modules in the system, but different people have different E and D, the system will be dangerous. The most common situation is to encrypt the same information with different public keys, and these public keys are modular and prime numbers, so the information can be recovered without private keys. Let p be plaintext, two encryption keys e 1 and e2, and public * * * modulus n, then:

C1= p e1module number

C2 = P^e2 Modern

If the cryptanalyst knows n, e 1, e2, C 1 and C2, he can get p.

Because e 1 and e2 are coprime, R and S can be found by Euclidean algorithm, which satisfies:

r * e 1 + s * e2 = 1

Assuming that R is negative, it is necessary to calculate C 1 (- 1) by Euclid algorithm, then

(c 1^(- 1))^(-r)* c2^s = p modn

In addition, there are several other ways to attack by using common mode. In a word, if we know the e and d of a given module, it is beneficial for the attacker to decompose the module and calculate other pairs of E' and D' without decomposing the module. There is only one solution, and that is not to enjoy the modulus n.

Small exponent attack of RSA. One suggestion to improve the speed of RSA is to make the public key e a smaller value, which will make encryption easy to realize, and the speed is.

It's improved But it is not safe to do so, and the way to deal with it is to take larger values for e and d.

RSA algorithm is the first algorithm that can be used for both encryption and digital signature, and it is also easy to understand and operate. RSA is the most widely studied public key algorithm. It has been nearly twenty years since it was put forward, and it has been gradually accepted by people after being tested by various attacks. It is generally considered as one of the best public key schemes at present. The security of RSA depends on the factorization of large numbers, but it has not been proved theoretically that the difficulty of deciphering RSA is equal to the difficulty of factorization of large numbers. In other words, one of RSA's major defects is that it can't grasp its security performance in theory, and most people in cryptography tend to think that factorization is not an NPC problem. The main disadvantages of RSA are: a) It is very troublesome to generate the key, and it is difficult to achieve one secret at a time due to the limitation of prime number generation technology. B) The packet length is too large. In order to ensure security, n should be at least 600 bits, which makes the operation cost very high, especially the speed is slow, which is several orders of magnitude slower than that of the symmetric cryptographic algorithm; And with the development of large number decomposition technology, this length is still increasing, which is not conducive to the standardization of data formats. At present, set (Secure Electronic Transaction) protocol requires CA to use a bit-long key and other entities to use a bit-long key.

[Edit this paragraph] V. Disadvantages of RSA encryption algorithm

It is very troublesome to generate keys, and it is difficult to achieve one secret at a time due to the prime number generation technology.

2) Security. The security of RSA depends on factorization of large numbers, but it has not been proved theoretically that the difficulty of deciphering RSA is equivalent to that of factorization of large numbers. Most people in cryptography tend to think that factorization is not an NPC problem. At present, people have been able to decompose decimal prime numbers above 140, which requires a longer key and is slow; In addition, people are actively looking for ways to attack RSA, such as choosing ciphertext attack. Generally speaking, an attacker will blindly copy a certain information and let the entity with the private key sign it. Then, it can get the information it wants through calculation. In fact, all attacks take advantage of the same weakness, that is, there is the fact that the power keeps the multiplication structure of the input:

(XM )d = Xd *Md mod n

As mentioned earlier, this inherent problem comes from the most useful feature of public key cryptosystem-everyone can use the public key. However, this problem cannot be solved algorithmically, and there are two main measures: one is to adopt a good public key protocol to ensure that entities do not decrypt information generated arbitrarily by other entities or sign information they know nothing about; The other is never to sign a document sent by a stranger casually. When signing, first use one-way hash function to hash the document, or use different signature algorithms at the same time. Besides using modulus, some attacks using decryption exponent or φ(n) have been tried.

3) The speed is too slow. Because the packet length of RSA is too large, in order to ensure security, n should be at least 600 bitx, which makes the operation cost very high, especially the speed is slow, which is several orders of magnitude slower than the symmetric cryptographic algorithm; And with the development of large number decomposition technology, this length is still increasing, which is not conducive to the standardization of data formats. At present, Set (Secure Electronic Transaction) protocol requires CA to use 2048-bit key, while other entities use 1024-bit key. In order to solve the speed problem, at present, people widely adopt the method of combining single key and public key cryptography, and their advantages and disadvantages complement each other: single key cryptography is fast, people use it to encrypt long files, and then RSA is used to encrypt file keys, which solves the key distribution problem of single key cryptography well.

[Edit this paragraph] VI. Published attack method

The most popular attacks against RSA are usually based on factorization of large numbers. 1999, RSA- 155(5 12 bits) was decomposed successfully, and it was completed on a Cray C9 16 computer with 3.2G central memory, which took 5 months (about 8000 MIPS years) and 224 CPU hours.

In 2002, RSA- 158 also successfully factorized.

RSA- 158 is as follows: