DOCSLIB.ORG

Facthacks: RSA Factorization in the Real World

Facthacks: RSA Factorization in the Real World

FactHacks: RSA factorization in the real world Daniel J. Bernstein University of Illinois at Chicago Technische Universiteit Eindhoven Nadia Heninger Microsoft Research New England Tanja Lange Technische Universiteit Eindhoven http://facthacks.cr.yp.to Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to ^ is exponentiation, not xor It has lots of useful libraries: sage: factor(15) sage: factor(x^2-1) 3 * 5 (x - 1) * (x + 1) Preliminaries: Using Sage We wanted to give you working code examples. We're going to use Sage. Sage is free open source mathematics software. Download from http://www.sagemath.org/. Sage is based on Python sage: 2*3 6 Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to It has lots of useful libraries: sage: factor(15) sage: factor(x^2-1) 3 * 5 (x - 1) * (x + 1) Preliminaries: Using Sage We wanted to give you working code examples. We're going to use Sage. Sage is free open source mathematics software. Download from http://www.sagemath.org/. Sage is based on Python, but there are a few differences: ^ is exponentiation, not xor sage: 2^3 8 Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to sage: factor(x^2-1) (x - 1) * (x + 1) Preliminaries: Using Sage We wanted to give you working code examples. We're going to use Sage. Sage is free open source mathematics software. Download from http://www.sagemath.org/. Sage is based on Python, but there are a few differences: ^ is exponentiation, not xor sage: 2^3 8 It has lots of useful libraries: sage: factor(15) 3 * 5 Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to Preliminaries: Using Sage We wanted to give you working code examples. We're going to use Sage. Sage is free open source mathematics software. Download from http://www.sagemath.org/. Sage is based on Python, but there are a few differences: ^ is exponentiation, not xor sage: 2^3 8 It has lots of useful libraries: sage: factor(15) sage: factor(x^2-1) 3 * 5 (x - 1) * (x + 1) Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to Public Key N = p*q or 65537 or 35... e = 3 Private Key d = inverse_mod(e,(p-1)*(q-1)) message^e % n Decryption Encryption message = pow(ciphertext,d,n) ciphertext = pow(message,e,n) Warning: You must use message padding. RSA Review p = random_prime(2^512) q = random_prime(2^512) Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to Private Key d = inverse_mod(e,(p-1)*(q-1)) message^e % n Decryption Encryption message = pow(ciphertext,d,n) ciphertext = pow(message,e,n) Warning: You must use message padding. RSA Review Public Key p = random_prime(2^512) N = p*q or 65537 or 35... q = random_prime(2^512) e = 3 Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to message^e % n Decryption Encryption message = pow(ciphertext,d,n) ciphertext = pow(message,e,n) Warning: You must use message padding. RSA Review Public Key p = random_prime(2^512) N = p*q or 65537 or 35... q = random_prime(2^512) e = 3 Private Key d = inverse_mod(e,(p-1)*(q-1)) Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to Warning: You must use message padding. RSA Review Public Key p = random_prime(2^512) N = p*q or 65537 or 35... q = random_prime(2^512) e = 3 Private Key d = inverse_mod(e,(p-1)*(q-1)) message^e % n Decryption Encryption message = pow(ciphertext,d,n) ciphertext = pow(message,e,n) Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to RSA Review Public Key p = random_prime(2^512) N = p*q or 65537 or 35... q = random_prime(2^512) e = 3 Private Key d = inverse_mod(e,(p-1)*(q-1)) message^e % n Decryption Encryption message = pow(ciphertext,d,n) ciphertext = pow(message,e,n) Warning: You must use message padding. Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to RSA and factoring Private Key Public Key d = inverse_mod(e,(p-1)*(q-1)) N = p*q e = 3 I Fact: If we can factor N, can compute private key from public key. I Factoring might not be the only way to break RSA: might be some way to compute message from ciphertext that doesn't reveal d or factorization of N. We don't know. I Fact: Factoring not known to be NP-hard. It probably isn't. Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to sage: time factor(random_prime(2^32)*random_prime(2^32)) 170795249 * 1091258383 Time: CPU 0.01 s, Wall: 0.01 s sage: time factor(random_prime(2^64)*random_prime(2^64)) 4711473922727062493 * 14104094416937800129 Time: CPU 0.13 s, Wall: 0.15 s sage: time factor(random_prime(2^96)*random_prime(2^96)) 4602215373378843555620133613 * 33422266165499970562761950677 Time: CPU 4.64 s, Wall: 4.76 s sage: time factor(random_prime(2^128)*random_prime(2^128)) 249431539076558964376759054734817465081 * 297857583322428928385090659777642423243 Time: CPU 506.95 s, Wall: 507.41 s So how hard is factoring? Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to 170795249 * 1091258383 Time: CPU 0.01 s, Wall: 0.01 s sage: time factor(random_prime(2^64)*random_prime(2^64)) 4711473922727062493 * 14104094416937800129 Time: CPU 0.13 s, Wall: 0.15 s sage: time factor(random_prime(2^96)*random_prime(2^96)) 4602215373378843555620133613 * 33422266165499970562761950677 Time: CPU 4.64 s, Wall: 4.76 s sage: time factor(random_prime(2^128)*random_prime(2^128)) 249431539076558964376759054734817465081 * 297857583322428928385090659777642423243 Time: CPU 506.95 s, Wall: 507.41 s So how hard is factoring? sage: time factor(random_prime(2^32)*random_prime(2^32)) Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to sage: time factor(random_prime(2^64)*random_prime(2^64)) 4711473922727062493 * 14104094416937800129 Time: CPU 0.13 s, Wall: 0.15 s sage: time factor(random_prime(2^96)*random_prime(2^96)) 4602215373378843555620133613 * 33422266165499970562761950677 Time: CPU 4.64 s, Wall: 4.76 s sage: time factor(random_prime(2^128)*random_prime(2^128)) 249431539076558964376759054734817465081 * 297857583322428928385090659777642423243 Time: CPU 506.95 s, Wall: 507.41 s So how hard is factoring? sage: time factor(random_prime(2^32)*random_prime(2^32)) 170795249 * 1091258383 Time: CPU 0.01 s, Wall: 0.01 s Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to 4711473922727062493 * 14104094416937800129 Time: CPU 0.13 s, Wall: 0.15 s sage: time factor(random_prime(2^96)*random_prime(2^96)) 4602215373378843555620133613 * 33422266165499970562761950677 Time: CPU 4.64 s, Wall: 4.76 s sage: time factor(random_prime(2^128)*random_prime(2^128)) 249431539076558964376759054734817465081 * 297857583322428928385090659777642423243 Time: CPU 506.95 s, Wall: 507.41 s So how hard is factoring? sage: time factor(random_prime(2^32)*random_prime(2^32)) 170795249 * 1091258383 Time: CPU 0.01 s, Wall: 0.01 s sage: time factor(random_prime(2^64)*random_prime(2^64)) Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to sage: time factor(random_prime(2^96)*random_prime(2^96)) 4602215373378843555620133613 * 33422266165499970562761950677 Time: CPU 4.64 s, Wall: 4.76 s sage: time factor(random_prime(2^128)*random_prime(2^128)) 249431539076558964376759054734817465081 * 297857583322428928385090659777642423243 Time: CPU 506.95 s, Wall: 507.41 s So how hard is factoring? sage: time factor(random_prime(2^32)*random_prime(2^32)) 170795249 * 1091258383 Time: CPU 0.01 s, Wall: 0.01 s sage: time factor(random_prime(2^64)*random_prime(2^64)) 4711473922727062493 * 14104094416937800129 Time: CPU 0.13 s, Wall: 0.15 s Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to 4602215373378843555620133613 * 33422266165499970562761950677 Time: CPU 4.64 s, Wall: 4.76 s sage: time factor(random_prime(2^128)*random_prime(2^128)) 249431539076558964376759054734817465081 * 297857583322428928385090659777642423243 Time: CPU 506.95 s, Wall: 507.41 s So how hard is factoring? sage: time factor(random_prime(2^32)*random_prime(2^32)) 170795249 * 1091258383 Time: CPU 0.01 s, Wall: 0.01 s sage: time factor(random_prime(2^64)*random_prime(2^64)) 4711473922727062493 * 14104094416937800129 Time: CPU 0.13 s, Wall: 0.15 s sage: time factor(random_prime(2^96)*random_prime(2^96)) Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to sage: time factor(random_prime(2^128)*random_prime(2^128)) 249431539076558964376759054734817465081 * 297857583322428928385090659777642423243 Time: CPU 506.95 s, Wall: 507.41 s So how hard is factoring? sage: time factor(random_prime(2^32)*random_prime(2^32)) 170795249 * 1091258383 Time: CPU 0.01 s, Wall: 0.01 s sage: time factor(random_prime(2^64)*random_prime(2^64)) 4711473922727062493 * 14104094416937800129 Time: CPU 0.13 s, Wall: 0.15 s sage: time factor(random_prime(2^96)*random_prime(2^96)) 4602215373378843555620133613 * 33422266165499970562761950677 Time: CPU 4.64 s, Wall: 4.76 s Bernstein, Heninger, Lange: FactHacks: RSA factorization in the real world http://facthacks.cr.yp.to 249431539076558964376759054734817465081 * 297857583322428928385090659777642423243 Time: CPU 506.95 s, Wall: 507.41 s So how hard

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    112 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us