[Fred_Piper]_Cryptography_A_Very_Short_Introducti(BookFi.org).pdf

Attacks on public key systems

Keys for asymmetric algorithms are longer than for symmetric ones. However, this does not mean that asymmetric algorithms are necessarily stronger. Exhaustive key searches are not the way to attack asymmetric algorithms. For an asymmetric algorithm, it is easier to attack the underlying mathematical problem. For example, for RSA, it is easier to try to factor the modulus N than to perform an exhaustive key search on all possible decryption keys.

In order to illustrate how recent mathematical advances have influenced the use of public key cryptography we concentrate on RSA and factorization. Similar observations apply to other public key systems, which depend on different mathematical problems.

The state of the art in factoring has advanced tremendously in the last 30 years. This is due to both theoretical and technological developments. In 1970, the 39-digit number (2^128 + 1) was factored into its two prime factors. At the time, this was considered a major achievement. When RSA was first published in 1978, the paper included a 129-digit number to be factored as a challenge, with a prize of $100. This was the first in a series of such challenges. This number was not factored until 1994, and the factorization involved the use of a worldwide network of computers.

In addition to Moore's law, the possibility of improved mathematical factoring techniques is another consideration when determining RSA key sizes. As an illustration we point to the dramatic impact caused by a mathematical innovation, called the General Number Field Sieve (GNFS), which was published in 1993. It meant that the resources needed to use previously known algorithms for factoring numbers of a given size could now be used to factor significantly larger numbers. For instance, resources that had been needed to factor a number of the order of 150 digits, might now factor a number nearer to 180 digits. This mathematical advance exceeded all performance increases predicted for technological advances for many years.

The 155-digit challenge number RSA-512 was factored using this technique in 1999. This factorization took less than eight months and, once again, involved a worldwide network of computers. An illustration of the mathematical complexity of the problem is that the final stage involved the solution of over six million simultaneous equations. This has been followed by a challenge published in The Code Book, which also required the factorization of a 512-bit modulus. These factorizations are significant as moduli of this size (155 digits or 512 bits) were routinely used in public key cryptography a few years ago.

Current recommendations for the moduli size for RSA typically range from 640 to 2,048 bits, depending on the security required. A 2,048-bit number has 617 decimal digits. To demonstrate how enormous this number is, we give the RSA challenge number of this size. Fame and a prize of $200,000 await the first team to successfully factor it.

25195908475657893494027183240048398571429282126204

03202777713783604366202070759555626401852588078440

69182906412495150821892985591491761845028084891200

72844992687392807287776735971418347270261896375014

97182469116507761337985909570009733045974880842840

17974291006424586918171951187461215151726546322822

16869987549182422433637259085141865462043576798423

38718477444792073993423658482382428119816381501067

48104516603773060562016196762561338441436038339044

14952634432190114657544454178424020924616515723350

77870774981712577246796292638635637328991215483143

81678998850404453640235273819513786365643912120103

97122822120720357
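The opening claim, that factoring N is easier than searching all decryption keys, and the bit and digit sizes quoted above can be checked on a toy scale. The following is an added example, not from the book: the primes, the message and all function names are constructed for illustration, and Pollard's rho stands in for the far more powerful GNFS.

```python
import math

def pollard_rho(n):
    """Return (factor, gcd_steps) for an odd composite n, using Pollard's rho."""
    steps, c = 0, 1
    while True:
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
            steps += 1
        if d != n:
            return d, steps
        c += 1                           # degenerate cycle: retry with a new constant

def recover_private_key(n, e):
    """Factor n, then rebuild the decryption exponent d as the key owner would."""
    p, steps = pollard_rho(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi), steps, phi   # modular inverse needs Python 3.8+

def max_decimal_digits(bits):
    """Decimal length of the largest modulus with the given bit length."""
    return len(str((1 << bits) - 1))

# Constructed toy key (assumption): a 37-bit modulus, far too small for real use.
P, Q, E = 104729, 1299709, 65537
N = P * Q

if __name__ == "__main__":
    d, steps, phi = recover_private_key(N, E)
    message = 42424242                   # constructed sample plaintext, smaller than N
    ciphertext = pow(message, E, N)
    print("recovered d:", d)
    print("decrypts correctly:", pow(ciphertext, d, N) == message)
    print("factoring steps:", steps, "vs candidate exponents:", phi)
    for bits in (512, 2048):
        print(bits, "bits ->", max_decimal_digits(bits), "decimal digits")
```

The step count grows roughly with the square root of the smaller prime, while the space of candidate decryption exponents grows with N itself, which is why the modulus size, not the key length alone, determines RSA's strength.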

When discussing exhaustive key searches, we mentioned the potential impact of quantum computers. Although they would cause dramatic increases in the sizes of symmetric keys, there is little doubt that the cryptographic community would adapt and that symmetric algorithms would continue to be used securely. The same may not be true for public key systems. For these systems quantum computing would be a more serious threat. For instance factorization would become significantly easier. Fortunately even the most optimistic quantum computing enthusiasts are not predicting large quantum computers for at least 20 years.
