dissertacao.pdf
dissertacao.pdf
dissertacao.pdf
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
3 Cryptanalysis of RSA<br />
In this section we present the reader to some of the known attacks against RSA.<br />
As we had a limited amount of time and a specific area of interest (mathematics),<br />
it was not possible to include all the existing attacks against RSA. Rather, we<br />
introduce attacks that explore uniquely the mathematical structure of RSA. For<br />
some other kind of attacks on RSA we suggest the reading of [4][22][8][48].<br />
3.1 Kind of Attacks<br />
There are several types of attacks on RSA. The obvious one is to factor the<br />
modulus N, which will create a total break of the system: the cryptanalyst<br />
will be able to decrypt all messages. This can be achieved with one of the<br />
methods presented in the last chapter. As the factoring methods described<br />
above still do not run in polynomial time, an appropriate choice of the size of<br />
N makes this factoring attack infeasible. There are published standards with<br />
recommendations for the size of N that should be chosen, depending mostly on<br />
the amount of time we wish to keep our data secret.<br />
As we said before, the security of RSA relies mainly on the hardness of the<br />
RSA Problem and the Problem of Factoring Large Integers. There is however,<br />
like shown before, some implementation errors that can open breaches on RSA<br />
security. We start this chapter by presenting some basic errors an inexperienced<br />
user can commit when starting out with RSA and provide the reader the ways<br />
on how to avoid these errors. In the second and third section of this chap-<br />
ter, we illustrate the dangers of choosing small public and private exponents<br />
respectively, recommending (presently) safe bounds for both these values.<br />
3.2 Some Misuses of RSA<br />
The attacks presented in this section were found a long time ago. They showed<br />
some of the possible misuses of an RSA session.<br />
3.2.1 Common Modulus Attack<br />
The idea of the common modulus is that in a session of RSA with several users<br />
there is a trusted entity which defines a modulus N and provides for each user<br />
a pair of public and private valid RSA keys defined modulo φ(n), but not the<br />
33