More RSA
Notes
- This is a 10,000 ft overview of RSA
- Basic idea
- You can find three integers e,d, n
- such that 0 ≤ x < n, (xe)d = x % n
- But if you don't have d, it is hard to find it.
- This turns decoding a message into finding the factors of a very large number.
- We don't know, in general, if factoring is hard or not.
- We don't even know if breaking RSA is as hard as factoring or not.
- But we do know we don't know any good way to do it right now.
- Note: When we say "hard" in computer science, we mean
- We can do it
- But it may take more time than it is worth.
- Or more time than might exist.
- But this depends on the size of the problem.
- Here the size of the problem is the size of the number we want to factor
- One factoring algorithm is
Factor(n) factors = [] // two is a special case while (n % 2 == 0 and n ≥ 2) Add 2 to factors n = n / 2 testNum = 3 while (testNum ≤ n) while ( n % testNum == 0 and testNum ≤ n) add testNum to factors n = n / testNum testNum += 2 if n > 1 add n to testNum - We could make this better, but for a prime number we would need testNum to run through 3 to $\sqrt{n}$ by 2.
- One factoring algorithm is
- I don't expect you to know this, but for our discussion you need:
- RSA works as follows
- For three large positive integers e,d,n (like 2048 bit numbers) chosen properly
- $(x^e)^d \% n = x \% n$
- $(x^d)^e \% n = x \% n$
- FOR THE PROPER CHOICE OF e, d, n
- If we know n and either e, finding d is equivalent to factoring xe % n
- So the public key is e and n, and the private key is d.
- A message exchange
- Given: ealice, dalice, n
- M is the message,
- This is just a string of bits, or a 2048 bit long number.
- Or padded to 2048 if it is smaller.
- Bob wants to encrypt the message M, so she computes
- c = mealice % n
- He sends c to alice.
- Alice needs to decrypt this message s so she computes
- p = cdalice % n
- Which will rcover p = m
- Alice must check the padding to make sure it is valid.
- m = (mealice)dalice % m
- In the rsa commands we gave the number of bits to be 2048
- This means the we need to find the prime factors of (use bc to compute 2^2048)
- But openssl-3 rsa can go up to 16k (16,348) bits.
- X the message is also limited by the key
- For a key of size 2048b the maximum message is 245 bytes (or 245 letters)
- But that will be bigger for larger keys.
- To generate a public/private key pair.
- Find two large prime numbers p,q
- n = pq
- find L = LCM(p-q, q-1)
- find e, 1 < e < L, and GCD(e,L) = 1, e is the public key
- find d = e-1 % l, d is the private key
- From the above, if we find L and know e, we can easily find d
- So finding l involves an LCM and GCD computation, both of which require prime factorization.
- Many encryption algorithms rely on methods like these.
- So as long as factoring is hard, we are secure.
- Shor's algorithm is a quantum algorithm for finding prime factors of an integer.
- We do not have a quantum computer capable of correctly running Shor's algorithm on numbers the size we have been discussing AT THIS TIME.
- However within the last few weeks there have been announcements form Google, Cal-tech and UC Berkeley on how soon they believe that the will have a quantum computer capable of breaking the foundation of most cryptocurrency.
- And this means that RSA-2048 will also most likely be breakable.
- The current projection is for this to occur in 2029
- This is called PQC: Post-Quantum Cryptography
- We *THINK* this is probably sometime in 2029
- But who knows what NSA, CIA, China and Russia have.
- We can increase key size which will help
- But everything out there now can be broken.
- Harvest now, decrypt later