0 Introduction
RSA algorithm is based on a very simple arithmetical fact: multiplying two large prime numbers is very easy, but factoring want their product is extremely difficult.
This article discusses the relevant knowledge about prime numbers.
1 primality test
Question 1: How to determine whether a large integer is a prime number
1.1 trial division
Trial division: it is determined whether n is prime, a cycle to write its ability to divide n from 2 sqrt (n) is determined, if it can not be a prime number n.
If n is small, then using trial division of course very efficient and quick. But when the great n time, this algorithm may not work
with RSA1024 example, when the public key
0x890e23101a542913da8a4350672c9ef8e7b34c2687ce8cd8db3fb34244a791d60c9dc0a53172a56dcc8a66f553c0ae51e9e2e2ce9486fa6b00a6c556bfed139001133cdfe5921c425eb8823b1bd0a4c00920d24bee2633256328502eadbfac1420f9a5f47139de6f14d8eb7c2b7c0cec42530c0a71dadb80c7214f5cd19a3f2f
, The two prime factors are
0xe5a111a219c64f841669400f51a54dd4e75184004f0f4d21c6ae182cfb528652a02d6d677a72b564c505b1ed42a0c648dbfe14eb66b04c0d60ba3872826c32e7
with
0x98cb760764484e29245521be08e7f38edeebfca8427149524ba7f4735e1d5f3a45d585cb3722ff4c07c19165be738311dc346a914966f5b311416fed3b425079
It was converted to decimal
12026655772210679470465581609002525329245773732132014742758935511187863487919026457076252932048619706498126046597130520643092209728783224795661331197604583
with
8002511426596424351829267099531651390448054153452321185350746845306277585856673898048740413439442356860630765545600353049345324913056448174487017235828857
This is a 155 and a 154-digit number of digits, are about 511 power of 2, which is not routinely calculated!
Of course, not no way, mathematicians are always some dishonest for us to show the way.
1.2 Fermat's Little Theorem
Fermat's little theorem is a theorem in number theory: If a is an integer, p is a prime number, then ap-a is a multiple of p, it can be expressed as a p ≡a (mod p) if a multiple of A is not a p of this theorem It can also be written as A P -1≡1 (mod p)
Note that, Fermat's little theorem is a necessary condition for judging whether a number is prime, not a sufficient condition, because there are some pseudo-primes satisfy Fermat's Little Theorem is not a prime number, such as 2 340 ≡1 (mod341), but 341 = 11 × 31
1.3 Fermat primality test
We only consider the case where a = 2, if we consider the case where a = 3, a composite number may be passed the test when a = 2, the calculation results when a = 3 but exclude the possibility of primes. Accordingly, it expands the definition of the pseudo-prime number satisfying said a n- -1modn composite number n 1 = called pseudo-prime number (pseudoprime to base a) as the base in a. Pseudo prime front 1 billion natural numbers 2 and 3 at the same time as the end of 1272 only, just less than a quarter of this number. This tells us that if both verify a = 2 and a = 3 both cases, probabilistic algorithms of error down to 0.000025. Easy to think, the more choice to test a, the more accurate algorithm. Our approach is typically randomly selected positive integer number tested in several small test several times in base as a, as long as one does not pass the test can determine this number is a composite number.这就是Fermat素性测试。
1.4 Miller-Rabin primality test
To test whether N is a prime number, N-1 is first decomposed into 2 S D. At the start of each test, a randomly selected first range [1, N-1] of the integers a, if after all r∈ [0, s-1] , when A D modN ≠. 1 and A 2rd modN ≠ -1, N is a composite number. Otherwise, N 3/4 probability of a prime number.
Like Fermat primality test, Miller-Rabin primality test can still determine a number 可能is prime, but this method has for its fast, efficient and widely used.
We decided to test type primes
A deterministic determination of a large integer is prime prime test method -AKS
AKS primes test (also known as Agrawal-Kayal-Saxena primes testing and Cyclotomic AKS test) is a decision-type prime testing algorithms, three from the Indian Institute of Technology Kanpur computer scientists, Manindra Agrawal, Neeraj Kayal and Nitin Saxena, 2002 August 6 published an article titled pRIMES is in P (prime number belongs to P) paper. The authors therefore won many awards, including the 2006 Gödel Prize and in 2006 Fulkerson Prize. This algorithm may be within the polynomial time, we decide whether a given integer is a prime number or a composite number.
2 generating large prime numbers
The most straightforward way is to randomly search, for example, to generate a 100 large prime numbers, we first generate a random sequence of numbers, and then use the Miller-Rabin primality test to test it can be, if not a prime number, then randomly generate a so the cycle continues.
Of course, we can use the random search method (completely different each time it generates a random number), a random search algorithm is incremented (after generating a random number, each extending its 2) may be employed
the step of generating an n-bit decimal large prime number as follows:
- Generating a
nrandom number bitpand the most significant bit can not0, - If the lowest bit is even, then add it
1to ensure that the number is an odd number in order to save time - The number of tests can be
10000a prime number (less total1228number) is divisible, so you can quickly eliminate many composite number, to save time - In
2thep-1this generates a random number a, toaa bottom topbe Miller-Rabin primality test, if p is bonded by way of illustration. If the re-selecting a by a test on p. Selectashould be selected as small prime time, in order to improve processing speed. After about five times Miller-Rabin primality test, the accuracy is relatively high - If
peach test pass, then that p is a prime number. Otherwisep←p+2, p tested again
Large prime number generation process has two key points, is a primality test, another random number is generated. The former to ensure accuracy and efficiency, the latter must ensure security, i.e. to generate a true random number
Most programs and a random number (such as C and MATLAB are) really just pseudo-random language. Is (such as a linear congruential) by the function can be determined by a seed (such as a clock), the generated pseudo random number. However, UNIX kernel random number generator (/ dev / random), which theoretically can produce a true random. I.e., random number generation, the generating function independently, or the non-deterministic generators. So, in theory, the computer can generate true random number statistical significance.
Reference: Open Source Javascript encryption libraries
Follow-up
Prism program
According to confidential documents provided by Snowden NSA former correspondent of the display, NSA with RSA reached a $ 10 million contract, the former by the latter implantation of a flaw in the formula of encryption software, leaving a "back door for yourself . " It is reported that, RSA software defects there a formula called Bsafe, and the name of the defect formula for Dual Elliptic Curve, developed by the NSA out of it. File contents noted, RSA since 2004 has been using this formula flaw in their software.
RSA Security Shi, Adi Shamir and Len Adleman in 1982, founded by inventor Ron Rivest RSA algorithm, then for $ 2.1 billion acquisition by EMC Corporation in 2006. The algorithm is the most famous of which a defect DUAL_EC_DRBG, cryptographers several years ago discovered the problem. The encryption algorithm can be viewed as a random number generator, but some numbers are fixed, cryptographers can be carried out as a master key to break through a number of built-in algorithms.
RSA algorithm itself is no problem, as long as your key is truly random generated guess the key is just as difficult needle in a haystack general, the existing computer certainly can not break your encrypted files in a password replacement cycle. However, if this random algorithm is false? If it is just the key generated in a small collection of it? Your encrypted files instantly be looked at, this is the NSA to do.