dissertacao.pdf
dissertacao.pdf
dissertacao.pdf
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
It is straightforward that, when we input a prime number, the output will<br />
always be prime: in steps 1 and 3 it cannot be considered composite, and in<br />
step 6, because of the previous theorem, it will also not be considered composite<br />
in any of the iterations of the cycle. So it will be considered prime, either in<br />
step 5 or step 7. For a proof that a composite integer is never considered prime<br />
one can read the original AKS article [29]. In [41] an implementation of the<br />
algorithm is described.<br />
There is one important conjecture that, if proven, would improve the effi-<br />
ciency of this algorithm.<br />
Conjecture 2. Let r be a prime that does not divide the positive integer N<br />
and such that (X − 1) N ∼ = X N − 1 (mod n, X r − 1). Then<br />
(N is prime N 2 ∼ = 1 (mod r)) (37)<br />
If this conjecture could be proved, Lenstra and Pomerance’s variant of the<br />
algorithm would have complexity O(log 3 n)[41].<br />
2.2 Factoring Algorithms<br />
Like we said before, the security of RSA depends strongly on the difficulty of<br />
factoring the modulus N. For this reason, special attention should be given to<br />
the state of the art of integer factoring algorithms when implementing RSA.<br />
There are published standards with recommendations 2 for the size of N and<br />
the primes’ size depending mostly on how long we wish to keep the encrypted<br />
data safe. This recommendations depend on some of the algorithms presented<br />
in this section.<br />
Factoring algorithms fall into two categories. One is the General Purpose<br />
Factoring Algorithms which behave in approximately the same way for inte-<br />
gers with the same size. The second category is that of the Special Purpose<br />
Factoring Algorithms which behave better for integers N with certain spe-<br />
cific characteristics, like the size of the smallest factor of N or the divisors of<br />
(N − 1) or (N + 1). To attack an RSA session with balanced primes, a general<br />
purpose algorithm is a priori more suitable, since the factors of N are randomly<br />
chosen and of the same size.<br />
2 http://www.rsa.com/rsalabs/node.asp?id=2218<br />
27