RSA整数的概念

Int. J. Appl. Cryptogr. Pub Date : 2011-04-21 DOI:10.1504/IJACT.2014.062723

Daniel Loebenberger, Michael Nüsken

{"title":"RSA整数的概念","authors":"Daniel Loebenberger, Michael Nüsken","doi":"10.1504/IJACT.2014.062723","DOIUrl":null,"url":null,"abstract":"The key-generation algorithm for the RSA cryptosystem is specified in several standards, such as PKCS#1, IEEE 1363-2000, FIPS 186-3, ANSI X9.44, or ISO/IEC 18033-2. All of them substantially differ in their requirements. This indicates that for computing a 'secure' RSA modulus it does not matter how exactly one generates RSA integers. In this work, we show that this is indeed the case to a large extent. First, we give a theoretical framework that enables us to easily compute the entropy of the output distribution of the considered standards and show that it is comparatively high. To do so, we compute for each standard the number of integers they define up to an error of very small order and discuss different methods of generating integers of a specific form. Second, we show that factoring such integers is hard, provided factoring a product of two primes of similar size is hard.","PeriodicalId":350332,"journal":{"name":"Int. J. Appl. Cryptogr.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Notions for RSA integers\",\"authors\":\"Daniel Loebenberger, Michael Nüsken\",\"doi\":\"10.1504/IJACT.2014.062723\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The key-generation algorithm for the RSA cryptosystem is specified in several standards, such as PKCS#1, IEEE 1363-2000, FIPS 186-3, ANSI X9.44, or ISO/IEC 18033-2. All of them substantially differ in their requirements. This indicates that for computing a 'secure' RSA modulus it does not matter how exactly one generates RSA integers. In this work, we show that this is indeed the case to a large extent. First, we give a theoretical framework that enables us to easily compute the entropy of the output distribution of the considered standards and show that it is comparatively high. To do so, we compute for each standard the number of integers they define up to an error of very small order and discuss different methods of generating integers of a specific form. Second, we show that factoring such integers is hard, provided factoring a product of two primes of similar size is hard.\",\"PeriodicalId\":350332,\"journal\":{\"name\":\"Int. J. Appl. Cryptogr.\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-04-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Appl. Cryptogr.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1504/IJACT.2014.062723\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Appl. Cryptogr.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJACT.2014.062723","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

RSA密码系统的密钥生成算法在几个标准中指定，例如pkcs# 1、IEEE 1363-2000、FIPS 183 -3、ANSI X9.44或ISO/IEC 18033-2。它们在要求上都有很大的不同。这表明，对于计算“安全”RSA模数，如何精确地生成RSA整数并不重要。在这项工作中，我们表明在很大程度上确实如此。首先，我们给出了一个理论框架，使我们能够轻松地计算所考虑的标准的输出分布的熵，并表明它相对较高。为此，我们为每个标准计算它们定义的整数的数量，直至误差非常小的顺序，并讨论生成特定形式整数的不同方法。其次，我们证明分解这样的整数是困难的，假设分解两个大小相似的素数的乘积是困难的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Notions for RSA integers

The key-generation algorithm for the RSA cryptosystem is specified in several standards, such as PKCS#1, IEEE 1363-2000, FIPS 186-3, ANSI X9.44, or ISO/IEC 18033-2. All of them substantially differ in their requirements. This indicates that for computing a 'secure' RSA modulus it does not matter how exactly one generates RSA integers. In this work, we show that this is indeed the case to a large extent. First, we give a theoretical framework that enables us to easily compute the entropy of the output distribution of the considered standards and show that it is comparatively high. To do so, we compute for each standard the number of integers they define up to an error of very small order and discuss different methods of generating integers of a specific form. Second, we show that factoring such integers is hard, provided factoring a product of two primes of similar size is hard.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Int. J. Appl. Cryptogr.

自引率

0.00%

发文量