RSA algorithm of encryption algorithm

xiaoxiao2021-03-06  109

It is the first algorithm that can be used for data encryption and digital signatures. It is easy to understand and operate, and it is also very popular. The name of the algorithm is naming in the inventor's name: Ron Rivest, Adi Shamir and Leonard Adleman. But RSA's security has not been able to obtain theoretical proof. It has experienced various attacks and has not been completely broken.

First, RSA algorithm:

First, find three numbers, p, q, r, where P, q is two different rigid numbers, R is with (P-1) (q-1) mutual number ... P , Q, R These three numbers are private keys, find M, make RM == 1 mod (P-1) (Q-1) ..... this m must exist because R and (P- 1) (Q-1) Mutual, use the rolling to eliminate the method ..... more, calculate n = pq ....... m, n these two numbers are the public key encoding process is If the information is A, it will be regarded as a big integer, assuming a = n, a table is set to S carry (S <= n, usually S = 2 ^ T , Each bit is less than N, then segment encoded ... Next, calculate B == a ^ m mod N, (0 <= b), b is encoded). ..... The process of decoding is, calculate C == B ^ r mod pq (0 <= c If p, q is a meticulous number, RM == 1 mod (P-1) (Q-1), A is any positive integer, b == a ^ M mod pq, c == b ^ r mod pq, then the process of C == a mod pq will be used to use the Gemata, the following: m is either, N is either, then n ^ m == n mod m (in another sentence, if n and m, n ^ (m-1) == 1 mod m use some basic groupual knowledge, it can be easy to discharge Ma Xiaoxi ......... Because rm == 1 mod (p-1) (Q-1), RM = K (P-1) (Q-1) 1, where K is an integer because in modulo is preserve multiplication (x == y mod z and u == V MOD Z => Xu == YV MOD Z), so c == b ^ r == (a ^ m) ^ r == a ^ (rm) == a ^ (k (p-1) (Q- 1) 1) MOD PQ 1. If A is not a multiple of P, it is not a multiple of Q, then A ^ (p-1) == 1 mod p (Gemada Little Theorem) => a ^ (k (p) -1) (q-1)) == 1 mod p A ^ (q-1) == 1 mod => a ^ (k (p-1) (q-1)) = = 1 MOD Q so P, Q can be eliminated by A ^ (k (p-1) (q-1)) - 1 => PQ | A ^ (k (p-1) (Q-1)) - 1 A ^ (k (p-1) (q-1)) == 1 mod pq => c == a ^ (k (p-1) (Q-1) 1) == a mod pq 2. If A is the multiple of P, but when q, then A ^ (q-1) ==

1 mod ((马 小 定)) => a ^ (k (p-1)) == 1 mod => c == a ^ (k (p-1) (Q-1) 1) == a mod => Q | C - a factor P | a => c == a ^ (k (p-1) (q-1) 1) == 0 mod p => P | C - A, PQ | C - a => c == a mod pq 3. If a is the multiple of Q, but is not a multiple of P, it is proved to be equal 4. If A is the multiple of P and Q, PQ | a => c == a ^ (k (p-1) (q-1) 1) == 0 mod pq => PQ | C - a => c == a mod pq qed this theorem Description A After the encoding is decoded to c, a == c mod n (n = pq) .... But when we do coding decoding, limit 0 <= a

The security of RSA depends on the large number of decomposition, but whether it is equivalent to the theoretical proof, because there is no proven to crack the RSA, there must be a large number of decomposition. Assume that there is an algorithm that does not have to decompose, it must be modified to become a large number of decomposition algorithms. At present, some of RSA's variety algorithms have been proven to be equivalent to large decomposition. Anyway, decomposition N is the most obvious attack method. Nowadays, people have decomposed a number of decimal places. Therefore, the modulus n must be selected, depending on the specific applicability.

Third, the speed of RSA

Since all of them are calculated, the fastest cases of RSA are slower than DES, whether it is software or hardware implementation. The speed has always been the defect of RSA. Generally, only a small amount of data encryption.

Fourth, RSA's Choice Ciphertext Attack

RSA is very fragile in front of the selection of ciphertext attacks. The general attacker is to make a piece of information, and sign the entity owned by the private key. Then, the information it wants can be obtained after calculation. In fact, the attack is the same weakness, that is, there is such a fact: multiplying the input multiplication structure: (xm) ^ D = x ^ D * m ^ D mod N has been mentioned, this is inherent The problem comes from the most useful feature of the public key cryptographic system - each person can use the public key. However, from the algorithm to solve this problem, there are two main measures: one is a good public key protocol to ensure that the entity does not decrypt the information generated by other entities during the work, and is not known for the information you know nothing. One is never sent to the random document signature sent by the stranger, first use One-Way HashFunction to process the document as Hash, or use different signature algorithms simultaneously. Several different types of attack methods are mentioned in China.

V. RSA public analog number attack

转载请注明原文地址:https://www.9cbs.com/read-125188.html

New Post(0)