Attacks on RSA: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Sandy Harris
m (Text replacement - "{{subpages}}" to "{{PropDel}}<br><br>{{subpages}}")
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{subpages}}
{{PropDel}}<br><br>{{subpages}}
A number of methods have been proposed for attacking the [[RSA cryptosystem]]. This article describes them.


A number of methods have been proposed for attacking the [[RSA]] cryptosystem. This article describes them.
Any efficient solution to the [[integer factorisation]] problem would break RSA; see the [[RSA algorithm#RSA_and_factoring | RSA article]] for discussion. The difficulty with that approach is that no efficient solution is known. Cracking a large (say 1024 bits or more) RSA key with current factoring algorithms is not practical, even with massive parallelism.
 
Any efficient solution to the [[integer factorisation]] problem would break RSA; see the [[RSA#RSA_and_factoring | RSA article]] for discussion. The difficulty with that approach is that no efficient solution is known. Cracking a large (say 1024 bits or more) RSA key with current factoring algorithms is not practical, even with massive parallelism.


== Weiner attack ==
== Weiner attack ==
 
[[Michael Weiner]] proposed an attack <ref>{{cite paper
Michael Weiner proposed an attack <ref>{{cite paper
| title=Cryptanalysis of short RSA secret exponents
| title=Cryptanalysis of short RSA secret exponents
| author=Wiener, M.J.
| author=Wiener, M.J.
Line 16: Line 14:


== TWIRL ==
== TWIRL ==
 
'''The Weizmann Institute Relation Locator'''  <ref>{{cite paper
'''The Weizmann Instiute Relation Locator'''  <ref>{{cite paper
| author=Adi Shamir & Eran Tromer
| title=On the cost of factoring RSA-1024
| journal=RSA CryptoBytes
| volume=6
| date=2003
| url=http://people.csail.mit.edu/tromer/
}}</ref>, developed by [[Adi Shamir]] (The 'S' in RSA) and [[Eran Tromer]], is a machine designed to speed up the seiving step in the [[number field seive]] technique for [[integer factorisation]].
 
RSA Security have commented [http://www.rsa.com/rsalabs/node.asp?id=2004].
 
==References==
{{reflist|2}}
 
== Weiner attack ==
 
Michael Weiner proposed an attack <ref>{{cite paper
| title=Cryptanalysis of short RSA secret exponents
| author=Wiener, M.J.
| journal=IEEE Transactions on Information Theory
| volume=36
| issue=3
| date=May 1990}}</ref> based on [[continued fraction]]s which is effective if the exponent in the secret key is small. There have since been many papers proposing improvements on or variants of that attack.
 
== TWIRL ==
 
'''The Weizmann Instiute Relation Locator'''  <ref>{{cite paper
  | author=Adi Shamir & Eran Tromer
  | author=Adi Shamir & Eran Tromer
  | title=On the cost of factoring RSA-1024
  | title=On the cost of factoring RSA-1024
Line 50: Line 21:
  | date=2003
  | date=2003
  | url=http://people.csail.mit.edu/tromer/
  | url=http://people.csail.mit.edu/tromer/
}}</ref>, developed by [[Adi Shamir]] (The 'S' in RSA) and [[Eran Tromer]], is a machine designed to speed up the seiving step in the [[number field seive]] technique for [[integer factorisation]].
}}</ref>, developed by [[Adi Shamir]] (The 'S' in RSA) and [[Eran Tromer]], is a machine designed to speed up the sieving step in the [[number field sieve]] technique for [[integer factorisation]].


RSA Security have commented [http://www.rsa.com/rsalabs/node.asp?id=2004].
RSA Security have commented [http://www.rsa.com/rsalabs/node.asp?id=2004].

Latest revision as of 05:48, 8 April 2024

This article may be deleted soon.
To oppose or discuss a nomination, please go to CZ:Proposed for deletion and follow the instructions.

For the monthly nomination lists, see
Category:Articles for deletion.


This article is a stub and thus not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

A number of methods have been proposed for attacking the RSA cryptosystem. This article describes them.

Any efficient solution to the integer factorisation problem would break RSA; see the RSA article for discussion. The difficulty with that approach is that no efficient solution is known. Cracking a large (say 1024 bits or more) RSA key with current factoring algorithms is not practical, even with massive parallelism.

Weiner attack

Michael Weiner proposed an attack [1] based on continued fractions which is effective if the exponent in the secret key is small. There have since been many papers proposing improvements on or variants of that attack.

TWIRL

The Weizmann Institute Relation Locator [2], developed by Adi Shamir (The 'S' in RSA) and Eran Tromer, is a machine designed to speed up the sieving step in the number field sieve technique for integer factorisation.

RSA Security have commented [1].

References

  1. Wiener, M.J. (May 1990). "Cryptanalysis of short RSA secret exponents".
  2. Adi Shamir & Eran Tromer (2003). On the cost of factoring RSA-1024.