It is the first algorithm that can be used for data encryption and digital signatures. It is easy to understand and operate, and it is also very popular. The name of the algorithm is naming in the inventor's name: Ron Rivest, Adi Shamir and Leonard Adleman. But RSA's security has not been able to obtain theoretical proof. It has experienced various attacks and has not been completely broken.
First, RSA algorithm:
First, find three numbers, p, q, r, where P, q is two different rigid numbers, R is with (P-1) (q-1) mutual number ... P , Q, R These three numbers are private keys, find M, make RM == 1 mod (P-1) (Q-1) ..... this m must exist because R and (P- 1) (Q-1) Mutual, use the rolling to eliminate the method ..... more, calculate n = pq ....... m, n these two numbers are the public key encoding process is If the information is A, it will be regarded as a big integer, assuming a
1 mod ((马 小 定)) => a ^ (k (p-1)) == 1 mod => c == a ^ (k (p-1) (Q-1) 1) == a mod => Q | C - a factor P | a => c == a ^ (k (p-1) (q-1) 1) == 0 mod p => P | C - A, PQ | C - a => c == a mod pq 3. If a is the multiple of Q, but is not a multiple of P, it is proved to be equal 4. If A is the multiple of P and Q, PQ | a => c == a ^ (k (p-1) (q-1) 1) == 0 mod pq => PQ | C - a => c == a mod pq qed this theorem Description A After the encoding is decoded to c, a == c mod n (n = pq) .... But when we do coding decoding, limit 0 <= a The security of RSA depends on the large number of decomposition, but whether it is equivalent to the theoretical proof, because there is no proven to crack the RSA, there must be a large number of decomposition. Assume that there is an algorithm that does not have to decompose, it must be modified to become a large number of decomposition algorithms. At present, some of RSA's variety algorithms have been proven to be equivalent to large decomposition. Anyway, decomposition N is the most obvious attack method. Nowadays, people have decomposed a number of decimal places. Therefore, the modulus n must be selected, depending on the specific applicability. Third, the speed of RSA Since all of them are calculated, the fastest cases of RSA are slower than DES, whether it is software or hardware implementation. The speed has always been the defect of RSA. Generally, only a small amount of data encryption. Fourth, RSA's Choice Ciphertext Attack RSA is very fragile in front of the selection of ciphertext attacks. The general attacker is to make a piece of information, and sign the entity owned by the private key. Then, the information it wants can be obtained after calculation. In fact, the attack is the same weakness, that is, there is such a fact: multiplying the input multiplication structure: (xm) ^ D = x ^ D * m ^ D mod N has been mentioned, this is inherent The problem comes from the most useful feature of the public key cryptographic system - each person can use the public key. However, from the algorithm to solve this problem, there are two main measures: one is a good public key protocol to ensure that the entity does not decrypt the information generated by other entities during the work, and is not known for the information you know nothing. One is never sent to the random document signature sent by the stranger, first use One-Way HashFunction to process the document as Hash, or use different signature algorithms simultaneously. Several different types of attack methods are mentioned in China. V. RSA public analog number attack