rsa & f actoring i ntegers by: mike neumiller & brian yarbrough
TRANSCRIPT
RSA & FACTORING INTEGERSBY: MIKE NEUMILLER & BRIAN YARBROUGH
INTEGER FACTORIZATION
• Reducing an integer into its prime components
• Useful for code breaking
• RSA uses a semi-prime number to encrypt data
Semi-prime number: a number made by the multiplication of two prime numbers
RSA
• Public Key Cryptosystem
• Currently used key sizes: 1024 bits to 4096 bits
• Many versions have been cracked already
• Largest of which is the 768 bit version (RSA-768)
• RSA-1024 expected to be cracked in the near future
KEY GENERATION – PUBLIC KEY
•Public key consists of a semi-prime, n, made
from two large prime numbers and an exponent, e.
• Steps to find n and e:• Pick two distinct primes, p and q of similar bit-length
• Calculate n = p * q
• Compute φ(n) = (p – 1)(q – 1)
• Pick an integer e that is coprime with φ(n), such that 1 < e < φ(n)
• Encryption is c ≡ me (mod n)
p, q
n
mod n
φ(n)
edd
KEY GENERATION – PRIVATE KEY
• Private key consists of mod n, and an exponent, d.
• Use e, n and φ(n)) to create the private key.
• d ≡ e-1 (mod φ(n))
• or find d given d⋅e ≡ 1 (mod φ(n))
• Decode using m ≡ cd (mod n)
p, q
n
mod n
φ(n)
edd
HOW DO WE BREAK IT?
• Private key consists of:
• mod n and d
• n is known, so mod n is known, thus d is all we have to find.
• d is created using:
• φ(n) and e
• e is known, so φ(n) is all we have to find now.
• φ(n) = (p – 1) (q – 1)
• So now we only need to find p and q
• n = p * q
• p and q are both primes, so use Integer Factorization!
p, q
n
mod n
φ(n)
edd
FACTORING INTEGERS – THE SIMPLE SOLUTION
• Trial Division
• Easily understood, but laborious for the computer.
• Repeatedly try to divide a number by increasingly larger primes until the full factorization has been found.
• Similar to the way most humans would probably approach the problem.
EXAMPLE CODE FOR TRIAL DIVISION
int main(int argc, char * argv[])
{
unsigned long n = 1;
if (argc <= 1) {
cout << "Please specify a number to factor: ";
cin >> n;
cout << endl;
} else {
n = atol(argv[1]);
}
cout << "Using Trial Division to calculate the prime factors of “
<< n << "...\n" << endl;
vector<unsigned int> factors = trial_division(n);
cout << "Factors found to be: ";
for (unsigned int i = 0; i < factors.size(); ++i) {
if (i > 0) { cout << ", "; }
cout << factors[i];
}
cout << endl;
return 0;
}
std::vector<unsigned int> trial_division(unsigned long n)
{
std::vector<unsigned int> factors;
if (n == 1) {
factors.push_back(1);
return factors;
}
std::vector<unsigned long> primes = prime_sieve(sqrt(n) + 1);
for (unsigned int i = 0; i < primes.size(); ++i) {
if (primes[i] * primes[i] > n) { break; }
while (n % primes[i] == 0) {
factors.push_back(primes[i]);
n /= primes[i];
}
}
if (n > 1) {
factors.push_back(n);
}
return factors;
}
std::vector<unsigned long> prime_sieve(unsigned long max)
{
std::vector<bool> is_prime;
std::vector<unsigned long> primes;
is_prime.resize(max + 1, true);
for (unsigned long i = 2; i <= max; ++i) {
if (!is_prime[i]) { continue; }
primes.push_back(i);
for (unsigned long j = i * i; j <= max; j += i) {
is_prime[j] = false;
}
}
return primes;
}
FACTORING INTEGERS – THE PARALLEL SOLUTIONS
• Quadratic Sieve (QS)
• Factored RSA-129 on April 2, 1994
• 2GB of data was collected over 8 months using computers distributed across the internet.
• Processing of the collected data took another 45 hours on Bellcore’s MasPar supercomputer.
• Was fastest known method for traditionalcomputers until the Number Field Sievewas discovered.
FACTORING INTEGERS – THE PARALLEL SOLUTIONS
• Number Field Sieve (NFS)
• Fastest known method for factoring
• Factored RSA-130 on April 10, 1996
• All RSA numbers to be factored since have been done with NFS.
• Factored RSA-768 (232 digits) on December 12, 2009 after more than 2 years of calculations using a state-of-the-art distributed implementation of NFS.
EXAMPLE - RSA-768 FACTORED
• RSA-768 = 1230186684530117755130494958384962720772853569595334792197322452151726400507263657518745202199786469389956474942774063845925192557326303453731548268507917026122142913461670429214311602221240479274737794080665351419597459856902143413
• When factored, RSA-768 =33478071698956898786044169848212690817704794983713768568912431388982883793878002287614711652531743087737814467999489
× 36746043666799590428244633799627952632279158164343087642676032283815739666511279233373417143396810270092798736308917
FACTORING INTEGERS – THE QUANTUM SOLUTION
• Shor’s Algorithm
• Formulated in 1994 by Peter Shor.
• Has already been shown to work
• Factored 15 in 2001 and again in 2012
• Factored 21 in 2012
• Runs in polynomial time
• Substantially faster than all of our current methods!
COMPARING RUNTIMES
Trial Division O
Number Field Sieve (NFS) O
Shor’s Algorithm O((log N)3)
Comparison of Integer Factorization Algorithm Run Times
Trial Division General Number Field SieveShor's Algorithm
Input Size(Increasing from left to right)
Est
ima
ted
Ru
n T
ime
REQUIREMENTS FOR SHOR’S ALGORITHM
• The number must be odd
• If the number is even, you can always divide by 2 until you get an odd number and then run Shor’s Algorithm.
• The number must be a composite number
• This can be tested by simply checking if the number is already a prime
• The number must not be a power of a prime
• This is checked for by checking the square, cubic, …, k-roots of N where k
≤ log2(n)
HOW SHOR’S ALGORITHM WORKS
• Consists of two parts
• A reduction of the factoring problem to the problem of order-finding problem.
• This part simply turns the factoring problem into the problem of find the period of a function.
• This part can be done on a classical computer!
• A quantum algorithm to solve the order-finding problem.
• This part finds the period using the Quantum Fourier transform.
• This part is responsible for the incredible speedup of Shor’s Algorithm compared to our current methods.
INTEGER FACTORIZATION ALGORITHMS (RECAP)
• Trial Division
• Easily understood, but laborious for the computer.
• Quadratic Sieve (QS)
• Factored RSA-129 on April 2, 1994 after more than 8 months of calculations.
• Second fastest known method for traditional computers.
• Number Field Sieve (NFS)
• Fastest known method for factoring.
• Factored RSA-768 (232 digits) on December 12, 2009 after more than 2 years of calculations.
• Shor’s Algorithm
• Bad news for the RSA encryption if we get a quantum computer of capable of running it for large numbers.
QUESTIONS?