Attacks on RSA: Difference between revisions
imported>Sandy Harris |
imported>Sandy Harris No edit summary |
||
| Line 8: | Line 8: | ||
| title=Cryptanalysis of short RSA secret exponents | | title=Cryptanalysis of short RSA secret exponents | ||
| author=Wiener, M.J. | | author=Wiener, M.J. | ||
| journal= IEEE Transactions on Information Theory | | journal=IEEE Transactions on Information Theory | ||
| volume= 36 | | volume=36 | ||
| issue= 3 | | issue=3 | ||
| date=May 1990</ref> based on [[continued fraction]]s which is effective if the exponent in the secret key is small. | | date=May 1990</ref> based on [[continued fraction]]s which is effective if the exponent in the secret key is small. | ||
Revision as of 23:53, 13 April 2009
A number of methods have been proposed for attacking the RSA cryptosystem. This article describes them.
Any efficient solution to the integer factorisation problem would break RSA; see the RSA article for discussion. The difficulty with that approach is that no efficient solution is known. Cracking a large (say 1024 bits or more) RSA key with current factoring algorithms is not practical, even with massive parallelism.
Weiner attack
Michael Weiner proposed an attack [1] based on continued fractions which is effective if the exponent in the secret key is small.
TWIRL
The Weizman Instiute Relation Locator [2], developed by Adi Shamir (The 'S' in RSA) and Evan Tromer, is a machine designed to speed up the seiving step in the number field seive technique for integer factorisation.
RSA Security have commented [1].
References
- ↑ {{cite paper | title=Cryptanalysis of short RSA secret exponents | author=Wiener, M.J. | journal=IEEE Transactions on Information Theory | volume=36 | issue=3 | date=May 1990
- ↑ Adi Shamir & Eran Tromer (2003). On the cost of factoring RSA-1024.