
Attacks on public key systems


Keys for asymmetric algorithms are longer than for symmetric ones. However, this does not mean that asymmetric algorithms are necessarily stronger. Exhaustive key searches are not the way to attack asymmetric algorithms. For an asymmetric algorithm, it is easier to attack the underlying mathematical problem. For example, for RSA, it is easier to try to factor the modulus N than to perform an exhaustive key search on all possible decryption keys.
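The point above, as an added example that is not part of the original text: a constructed 92-bit toy modulus is factored with Pollard's rho (a simple textbook method, far weaker than the sieve methods discussed below), and the private exponent then follows directly, in far fewer steps than a search over all candidate decryption exponents. The primes, public exponent, message and function names are constructed for this illustration.

```python
import math

def pollard_rho(n):
    """Find a non-trivial factor of an odd composite n; return (factor, steps)."""
    c = 1
    while True:
        x = y = 2
        steps = 0
        d = 1
        while d == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)  # a shared factor shows up as gcd > 1
            steps += 1
        if d != n:
            return d, steps
        c += 1                           # degenerate cycle: change the polynomial

def private_exponent_from_factor(n, e, p):
    """Once one factor p of n is known, the private exponent follows directly."""
    q = n // p
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)               # modular inverse (Python 3.8+)

# Constructed toy key: both primes are Mersenne primes, chosen only so the
# demo is reproducible. Real keys use random primes of equal size.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537

def demo():
    """Encrypt a sample message, factor N, rebuild d, and check decryption."""
    message = 0x48454C4C4F               # constructed sample plaintext
    ciphertext = pow(message, E, N)
    factor, steps = pollard_rho(N)
    d = private_exponent_from_factor(N, E, factor)
    return factor, steps, pow(ciphertext, d, N) == message

if __name__ == "__main__":
    factor, steps, ok = demo()
    print(f"modulus: {N.bit_length()} bits, candidate exponents: ~2^{N.bit_length()}")
    print(f"factor {factor} found after {steps} iterations; decrypts: {ok}")
```

The iteration count grows roughly with the square root of the smaller prime, which is why the size of the modulus, not the number of possible keys, sets the security level.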

In order to illustrate how recent mathematical advances have influenced the use of public key cryptography we concentrate on RSA and factorization. Similar observations apply to other public key systems, which depend on different mathematical problems.

The state of the art in factoring has advanced tremendously in the last 30 years. This is due to both theoretical and technological developments. In 1970, the 39-digit number (2^128 + 1) was factored into its two prime factors. At the time, this was considered a major achievement. When RSA was first published in 1978, the paper included a 129-digit number to be factored as a challenge, with a prize of $100. This was the first in a series of such challenges. This number was not factored until 1994, and the factorization involved the use of a worldwide network of computers.

In addition to Moore's law, the possibility of improved mathematical factoring techniques is another consideration when determining RSA key sizes. As an illustration, we point to the dramatic impact of a mathematical innovation called the General Number Field Sieve (GNFS), which was published in 1993. It meant that the resources needed to use previously known algorithms for factoring numbers of a given size could now be used to factor significantly larger numbers. For instance, resources that had been needed to factor a number of the order of 150 digits might now factor a number nearer to 180 digits. This mathematical advance exceeded all performance increases predicted for technological advances for many years.

The 155-digit challenge number RSA-512 was factored using this technique in 1999. This factorization took less than eight months and, once again, involved a worldwide network of computers. An illustration of the mathematical complexity of the problem is that the final stage involved the solution of over six million simultaneous equations. This has been followed by a challenge published in The Code Book, which also required the factorization of a 512-bit modulus. These factorizations are significant as moduli of this size (155 digits or 512 bits) were routinely used in public key cryptography a few years ago.

Current recommendations for the RSA modulus size typically range from 640 to 2,048 bits, depending on the security required. A 2,048-bit number has 617 decimal digits. To demonstrate how enormous this number is, we give the RSA challenge number of this size. Fame and a prize of $200,000 await the first team to successfully factor it.

When discussing exhaustive key searches, we mentioned the potential impact of quantum computers. Although they would cause dramatic increases in the sizes of symmetric keys, there is little doubt that the cryptographic community would adapt and that symmetric algorithms would continue to be used securely. The same may not be true for public key systems. For these systems, quantum computing would be a more serious threat. For instance, factorization would become significantly easier. Fortunately, even the most optimistic quantum computing enthusiasts are not predicting large quantum computers for at least 20 years.

