RSA Revisited

Working Definition: Remember that A cryptosystem of size $\QTR{Large}{n}$ is a five-tuple MATH where the following conditions are satisfied:

1. $\QTR{Large}{P}$ is a finite set of possible plaintexts:

2. $\QTR{Large}{C}$ is a finite set of possible ciphertexts:

3. $\QTR{Large}{K}$ the keyspace, is the a finite set of possible keys:

4. For each K$\QTR{Large}{\in K}$ there is and encryption rule eMATH and a corresponding decryption rule dMATH. Where

eMATH and dMATH are functions such that for all M$\QTR{Large}{\in P}$ ,dMATH(eMATH(M)) MATH M.

and MATH

RSA ( The RSA algorithm was invented in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman):

For every pair of primes $\QTR{Large}{p}$ and $\QTR{Large}{q}$ there is an "RSA" cryptosystem of size n greater than $\QTR{Large}{pq.}$

1. Next choose $\QTR{Large}{e}$ , MATH, such that $\QTR{Large}{e}$ and MATH are relatively prime.

2. Using the the Euclidean Algorithm we can find $\QTR{Large}{d}$ such that MATH. Note that $\QTR{Large}{e}$ and $\QTR{Large}{d}$ are "symmetric" for

3. Here is RSA

Note: dMATH(eMATH(M)) $\fallingdotseq $ MMATH MMATH (MMATH)$^{\QTR{Large}{a}}$M$\fallingdotseq $ (1)$^{\QTR{Large}{a}}$M$\fallingdotseq $ M

And dMATH(eMATH(M))=M.

An Observation:

At first glance there may appear to be a security opening in RSA. A reasonable question that could be asked is, while it may be hard to factor $\QTR{Large}{n}$ all we really need to do is find $\QTR{Large}{d}$ such that MATH, so given, MATH, is there a way to compute MATH?

The answer is that it is as "hard" to compute MATH from $\QTR{Large}{n}$ as it is to factor $\QTR{Large}{n}$ it self. Here is the argument.

1. For the sake of clarity, set MATH. So if we know $\QTR{Large}{p}$ and $\QTR{Large}{q}$ we can quickly compute $\QTR{Large}{m}$.

Next the important direction.

2. Suppose there was an easy way to compute $\QTR{Large}{m}$ from $\QTR{Large}{n}$. To factor $\QTR{Large}{n}$, we would then only have to solve the two simultaneous equations.

MATH

MATH

in two unknowns $\QTR{Large}{p}$ and $\QTR{Large}{q}$.

Solving the first equation for p gives.

MATH

substituting this into the second equation gives.

MATH

or

MATH.

The quadratic formula does the rest.

The question is, can we defeat RSA of size n? The answer is YES! For any n!

The real question is, how many Moore cycles does it take to defeat RSA of size n?

The sub-question is,what do we mean by defeating RSA?

The answer is, given MATHto find $\QTR{Large}{d\ }$in a timely way.