RSA algorithm

RSA algorithm of encryption algorithm

It is the first algorithm that can be used for data encryption and digital signatures. It is easy to understand and operate, and it is also very popular. The name of the algorithm is naming in the inventor's name: Ron Rivest, Adi Shamir and Leonard Adleman. But RSA's security has not been able to obtain theoretical proof. It has experienced various attacks and has not been completely broken.

First, RSA algorithm:

First, find three numbers, p, q, r, where P, q is two different rigid numbers, R is with (P-1) (q-1) mutual number ... P , Q, R These three numbers are private keys, find M, make RM == 1 mod (P-1) (Q-1) ..... this m must exist because R and (P- 1) (Q-1) Mutual, use the rolling to eliminate the method ..... more, calculate n = pq ....... m, n these two numbers are the public key encoding process is If the information is A, it will be regarded as a big integer, assuming a = n, a table is set to S carry (S <= n, usually S = 2 ^ T , Each bit is less than N, then segment encoded ... Next, calculate B == a ^ m mod N, (0 <= b), b is encoded). ..... The process of decoding is, calculate C == B ^ r mod pq (0 <= c If p, q is a meticulous number, RM == 1 mod (P-1) (Q-1), A is any positive integer, b == a ^ M mod pq, c == b ^ r mod pq, then the process of C == a mod pq will be used to use the Gemata, the following: m is either, N is either, then n ^ m == n mod m (in another sentence, if n and m, n ^ (m-1) == 1 mod m use some basic groupual knowledge, it can be easy to discharge Ma Xiaoxi ......... Because rm == 1 mod (p-1) (Q-1), RM = K (P-1) (Q-1) 1, where K is an integer because in modulo is preserve multiplication (x == y mod z and u == V MOD Z => Xu == YV MOD Z), so c == b ^ r == (a ^ m) ^ r == a ^ (rm) == a ^ (k (p-1) (Q- 1) 1) MOD PQ 1. If A is not a multiple of P, it is not a multiple of Q, then A ^ (p-1) == 1 mod p (Gemada Little Theorem) => a ^ (k (p) -1) (q-1)) == 1 mod p A ^ (q-1) == 1 mod => a ^ (k (p-1) (q-1)) = = 1 MOD Q so P, Q can be eliminated by A ^ (k (p-1) (q-1)) - 1 => PQ | A ^ (k (p-1) (Q-1)) - 1 A ^ (k (p-1) (q-1)) == 1 mod pq => c == a ^ (k (p-1) (Q-1) 1) == a mod pq 2. If A is the multiple of P, but when q, then A ^ (q-1) ==

1 mod ((马 小 定)) => a ^ (k (p-1)) == 1 mod => c == a ^ (k (p-1) (Q-1) 1) == a mod => Q | C - a factor P | a => c == a ^ (k (p-1) (q-1) 1) == 0 mod p => P | C - A, PQ | C - a => c == a mod pq 3. If a is the multiple of Q, but is not a multiple of P, it is proved to be equal 4. If A is the multiple of P and Q, PQ | a => c == a ^ (k (p-1) (q-1) 1) == 0 mod pq => PQ | C - a => c == a mod pq qed this theorem Description A After the encoding is decoded to c, a == c mod n (n = pq) .... But when we do coding decoding, limit 0 <= a

The security of RSA depends on the large number of decomposition, but whether it is equivalent to the theoretical proof, because there is no proven to crack the RSA, there must be a large number of decomposition. Assume that there is an algorithm that does not have to decompose, it must be modified to become a large number of decomposition algorithms. At present, some of RSA's variety algorithms have been proven to be equivalent to large decomposition. Anyway, decomposition N is the most obvious attack method. Nowadays, people have decomposed a number of decimal places. Therefore, the modulus n must be selected, depending on the specific applicability.

Third, the speed of RSA

Since all of them are calculated, the fastest cases of RSA are slower than DES, whether it is software or hardware implementation. The speed has always been the defect of RSA. Generally, only a small amount of data encryption.

Fourth, RSA's Choice Ciphertext Attack

RSA is very fragile in front of the selection of ciphertext attacks. The general attacker is to make a piece of information, and sign the entity owned by the private key. Then, the information it wants can be obtained after calculation. In fact, the attack is the same weakness, that is, there is a fact: multiplying the input multiplication structure:

(Xm) ^ D = x ^ D * m ^ D mod n

As mentioned earlier, this inherent problem comes from the most useful feature of the public key cryptographic system - each person can use the public key. However, from the algorithm to solve this problem, there are two main measures: one is a good public key protocol to ensure that the entity does not decrypt the information generated by other entities during the work, and is not known for the information you know nothing. One is never sent to the random document signature sent by the stranger, first use One-Way HashFunction to process the document as Hash, or use different signature algorithms simultaneously. Several different types of attack methods are mentioned in China.

V. RSA public analog number attack

If there is a modulus in the system, only different people have different E and D, and the system will be dangerous. The most common situation is that the same information is encrypted with different public keys, and these public keys are common mode and mutually matched, then the information can be restored without private key. Set P as a clear text, two encryption keys E1 and E2, the public modulus is n, then:

C1 = P ^ E1 MOD N

C2 = P ^ E2 MOD N cryptographic analysts know N, E1, E2, C1 and C2, can get P.

Because E1 and E2 are mutual, I can find R and S with the Euclidean algorithm, satisfying:

R * E1 S * E2 = 1

Suppose r is negative, need to calculate C1 ^ (- 1) with the ECLIDEAN algorithm, then

(C1 ^ (- 1)) ^ (- r) * C2 ^ s = p mod n

In addition, there are several other methods that use common analog to attack. In summary, if you know a pair of E and D for a given analog number, one is conducive to the attacker to decompose analog, one is to contribute to the attacker to calculate other paired E 'and D' without having to decompose anode. The solution is only one, that is, do not share analog number n.

The small index attack of RSA. There is a suggestion for increasing the RSA speed to make the public key E take a smaller value, which makes the encryption easy to achieve, and the speed is improved. But this is unsafe, and the method of dealing with E and D take a large value.

The RSA algorithm is the first algorithm that can be used for encryption and digital signatures, and is also easy to understand and operate. RSA is the most widely studied public key algorithm. From now on, it has been in the past two decades. It has experienced various attacks, and gradually accepts people, and is generally one of the best public key schemes. The security of RSA depends on the factor decomposition of the large number, but does not in theory to prove the difficulty of deciphering RSA and the equivalent of the large number of decomposition. That is, the significant defects of RSA are unable to grasp its confidentiality performance in theory, and most people who pass codenic programs tend to decompose factor is not NPC issues. The shortcomings of RSA have mainly: a) It is very troublesome to generate a key, which is limited by the number of techniques, so it is difficult to achieve a secret. B) Packet length is too large, in order to ensure safety, n at least 600 bits or more, make the calculation cost, especially slower, more symmetric cryptographic algorithms, slowly, and with the development of large decomposition technology This length is also increasing, which is not conducive to standardization of data format. Currently, the SET (Secure Electronic Transaction) protocol requires CA to use a bit long key, and other entities use the bit of the bit.