dissertacao.pdf

More documents

Recommendations

Info

4 Conclusions The several attacks presented in this work, or any other known attack, have not rendered the RSA cryptosystem unsafe. There is good prospects that some attacks, specially the ones by Boneh and Durfee and Blomer and May will become more powerful as soon as we get more knowledge on what we called The Coppersmith Method Conjectures. These conjectures seem to be closely related with the security of RSA and proving them would be definitely useful. However, none of these heuristic attacks seems to threat RSA security com- pletely. New bounds will be set and new precautions will be needed. But the most important criteria for the RSA safety is still the Large Integer Factorization Problem. Though there have been several advances in this area, an algorithm running in polynomial time to factor large integers is still not known. The experiments on this work have not led to any new results but we hope that, along with the simple implementations presented, they can motivate the reader to further explore the existing attacks on RSA and to think how one can improve them. One topic that deserves more study is the variants of RSA. They present exciting new possibilities but their security has not yet been as analysed as thoroughly as that of standard RSA. Its probably in them that the future of cryptography lies, so the sooner we understand them, the sooner it will be safer for us to rely on them. 51
5 Bibliography [1] Kamilah Abdullah, Comparison between the RSA Cryptosystem and Ellip- tic Curve Cryptography, Master’s thesis, University of Waikato, 1998. [2] Manindra Agrawal, Primality Tests Based on Fermat’s Little Theorem, ICDCN, 2006, pp. 288–293. [3] J Blomer and A. May, Low Secret Exponent RSA Revisited, Lecture Notes in Computer Science (2001). [4] Dan Boneh, Twenty Years of Attacks on the RSA Cryptosystem, Notices of the American Mathematical Society (1999). [5] Richard P. Brent, Recent Progress and Prospects for Integer Factorisation Algorithms, Proceeding COCOON ’00 Proceedings of the 6th Annual In- ternational Conference on Computing and Combinatorics (2000). [6] Matthew E. Briggs, An Introduction to the General Number Field Sieve, Master’s thesis, Virginia Polytechnic Institute and State University, 1998. [7] Daniel R. L. Brown, A Weak-Randomizer Attack on RSA-OAEP with e = 3, 2005. [8] Carlos Frederico Cid, Cryptanalysis of RSA: A Survey, Information Secu- rity Reading Room (1988). [9] D. Coppersmith, Small Solutions to Polynomial Equations, and Low Expo- nent RSA Vulnerabilities, Journal of Cryptology (1997). [10] G Durfee D Boneh and Y Frankel, An Attack on RSA Given a Small Frac- tion of the Private Key Bits, Lecture Notes in Computer Science (1998). [11] Tania Lange Daniel J. Bernstein, Peter Birkner and Christiane Peters, ECM using Edwards Curves, Journal of Cryptology (2010). [12] J. M. DeLaurentis, A Further Weakness in the Common Modulus Protocol for the RSA Cryptoalgorithm, Cryptologia (1984). 52
Page 1 and 2:
A Survey of Cryptanalytic Attacks o
Page 3 and 4:
Palavras Chave: RSA, criptanálise,
Page 5 and 6:
Contents 1 Introduction 1 1.1 Crypt
Page 7 and 8: List of Tables 1 Notation . . . . .
Page 9 and 10: messages, Alice and Bob needed a se
Page 11 and 12: key, have lead to restrictions over
Page 13 and 14: 1.5.2 Time Complexity In cryptograp
Page 15 and 16: Definition 8. Given an integer N >
Page 17 and 18: If we want to solve a system of lin
Page 19 and 20: 1.5.5 Continued Fractions The conti
Page 21 and 22: 1.6 RSA Definition We are now in co
Page 23 and 24: calculates these roots (though, as
Page 25 and 26: not the case regarding RSA as we ha
Page 27 and 28: 1.8.3 Common Prime RSA For the Comm
Page 29 and 30: So if we use contrapositive of this
Page 31 and 32: The consequence of this theorem is
Page 33 and 34: 2.1.4 AKS Test In 2004, a major bre
Page 35 and 36: We will begin with an old method cr
Page 37 and 38: Theorem 18. Let N > 1 be an integer
Page 39 and 40: e reduced. Regarding the GNFS, it s
Page 41 and 42: factorization of N. That is, each u
Page 43 and 44: Table 3: DeLaurentis Attack’s Exp
Page 45 and 46: Notice that gi(m) ∼ = 0 (mod Ni)
Page 47 and 48: ecovery exponent l to reveal the pl
Page 49 and 50: y fN(x) = 2 −k1e ((m22 k2 + x2 k1
Page 51 and 52: Theorem 25. Let two plain texts m1,
Page 53 and 54: Theorem 28. Given an RSA modulus N
Page 55 and 56: increment m by one and start again.
Page 57: avoided. It should be noted that, o
Page 61 and 62: [27] Arjen K. Lenstra, Primality Te
Page 63 and 64: A Implementations of the attacks fr
Page 65 and 66: q = RandomPrime[{2∧ (nbits − 1)
Page 67 and 68: While[i ≤ 23, n0 = Min[n0, nlist[
Page 69 and 70: B Implementations of the attacks fr
Page 71 and 72: C Implementation of Wiener’s atta
show all

dissertacao.pdf

Create successful ePaper yourself

Delete template?

Save as template?