![[JoGu]](../../JGU.gif) |
Cryptology
III.2 Cryptanalysis of RSA |
a7Hzq .#5r<
kÜ\as TâÆK$
ûj(Ö2 ñw%h:
Úk{4R f~`z8
¤˜Æ+Ô „&¢Dø |
|
Contents
- The prime number theorem [PDF]
- Computing the key and factoring [PDF]
- The probability of flops [PDF]
- Factoring algorithms (overview) [PDF]
- Iteration attack [PDF]
- Breaking single ciphertexts [PDF]
- Re-use of a module [PDF]
- Small exponents [PDF]
- The signature trap [PDF]
- More attacks (overview) [PDF]
The complete chapter as PDF file
Overview
»Cryptanalysis of RSA« doesn't break the cipher—except in a few exceptional
situations—but traces out the framework for applying it in a secure way according to
our best judgment. In particular it helps avoiding some traps.
We want answers to the questions:
- Do there exist sufficiently many keys to evade an exhaustion attack?
- Which mathematical results might lead to breaking an RSA ciphertext? Or to a computation
of the private key?
- How to choose the parameters in order to avoid weaknesses?
A summary of the results is
|
The RSA cipher is secure according to the present state of the science. However the
choice of the parameters must avoid some traps. In particular the key length should be
at least 2048 bits for short-term security, 4096 bits for medium-term security.
|
There is a good overview in:
Author: Klaus Pommerening, 2000-May-21;
last change: 2021-Feb-21