RSA Revisited

Working Definition: Remember that A cryptosystem of size $\QTR{Large}{n}$ is a five-tuple where the following conditions are satisfied:

1. $\QTR{Large}{P}$ is a finite set of possible plaintexts:

2. $\QTR{Large}{C}$ is a finite set of possible ciphertexts:

3. $\QTR{Large}{K}$ the keyspace, is the a finite set of possible keys:

4. For each K $\QTR{Large}{\in K}$ there is and encryption rule e and a corresponding decryption rule d. Where

e and d are functions such that for all M $\QTR{Large}{\in P}$ ,d(e(M)) M.

and

RSA ( The RSA algorithm was invented in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman):

For every pair of primes $\QTR{Large}{p}$ and $\QTR{Large}{q}$ there is an "RSA" cryptosystem of size n greater than $\QTR{Large}{pq.}$

1. Next choose $\QTR{Large}{e}$ , , such that $\QTR{Large}{e}$ and are relatively prime.

2. Using the the Euclidean Algorithm we can find $\QTR{Large}{d}$ such that . Note that $\QTR{Large}{e}$ and $\QTR{Large}{d}$ are "symmetric" for

3. Here is RSA

$\QTR{Large}{P=C}$ is the set of integers between $\QTR{Large}{1}$ and $\QTR{Large}{pq=n}$ and relatively prime to $\QTR{Large}{n}$ .
$\QTR{Large}{K}$ the keyspace, is the set of pairs $\QTR{Large}{e}$ , $\QTR{Large}{d}$ as above:
For each K in $\QTR{bs}{K}$ and all M $\in \QTR{bs}{P}$ , e(M)) $\fallingdotseq$ M $^{\QTR{Large}{e}}$ =C and d(C) $\fallingdotseq$ C $^{\QTR{Large}{d}}$

Note: d(e(M)) $\fallingdotseq$ M M (M) $^{\QTR{Large}{a}}$ M $\fallingdotseq$ (1) $^{\QTR{Large}{a}}$ M $\fallingdotseq$ M

And d(e(M))=M.

An Observation:

At first glance there may appear to be a security opening in RSA. A reasonable question that could be asked is, while it may be hard to factor $\QTR{Large}{n}$ all we really need to do is find $\QTR{Large}{d}$ such that , so given, , is there a way to compute ?

The answer is that it is as "hard" to compute from $\QTR{Large}{n}$ as it is to factor $\QTR{Large}{n}$ it self. Here is the argument.

1. For the sake of clarity, set . So if we know $\QTR{Large}{p}$ and $\QTR{Large}{q}$ we can quickly compute $\QTR{Large}{m}$ .

Next the important direction.

2. Suppose there was an easy way to compute $\QTR{Large}{m}$ from $\QTR{Large}{n}$ . To factor $\QTR{Large}{n}$ , we would then only have to solve the two simultaneous equations.

in two unknowns $\QTR{Large}{p}$ and $\QTR{Large}{q}$ .

Solving the first equation for p gives.

substituting this into the second equation gives.

The quadratic formula does the rest.

The question is, can we defeat RSA of size n? The answer is YES! For any n!

The real question is, how many Moore cycles does it take to defeat RSA of size n?

The sub-question is,what do we mean by defeating RSA?

The answer is, given to find $\QTR{Large}{d\ }$ in a timely way.