TWENTY YEARS OF ATTACKS ON THE RSA CRYPTOSYSTEM

Author: D. Boneh

DOI:

Keywords: Credit card; Public-key cryptography; Cryptosystem; Alice and Bob; Encryption; Computer security; Ciphertext; Computer science; Key (cryptography); Login

Abstract: Introduction. The RSA cryptosystem, invented by Ron Rivest, Adi Shamir, and Len Adleman [18], was first publicized in the August 1977 issue of Scientific American. The cryptosystem is most commonly used for providing privacy and ensuring authenticity of digital data. These days RSA is deployed in many commercial systems. It is used by Web servers and browsers to secure Web traffic, it is used to ensure privacy and authenticity of e-mail, it is used to secure remote login sessions, and it is at the heart of electronic credit card payment systems. In short, RSA is frequently used in applications where the security of digital data is a concern.

Since its initial publication, the RSA system has been analyzed for vulnerability by many researchers. Although twenty years of research have led to a number of fascinating attacks, none of them is devastating. They mostly illustrate the dangers of improper use of RSA. Indeed, securely implementing RSA is a nontrivial task. Our goal is to survey some of these attacks and describe the underlying mathematical tools they use. Throughout the survey we follow standard naming conventions and use "Alice" and "Bob" to denote two generic parties wishing to communicate with each other. We use "Marvin" to denote a malicious attacker wishing to eavesdrop on or tamper with the communication between Alice and Bob.

We begin by describing a simplified version of RSA encryption. Let N = pq be the product of two large primes of the same size (n/2 bits each). A typical size for N is n = 1024 bits, i.e., 309 decimal digits. Each of the factors is 512 bits. Let e, d be two integers satisfying ed ≡ 1 (mod φ(N)), where φ(N) = (p − 1)(q − 1) is the order of the multiplicative group Z_N^*. We call N the RSA modulus, e the encryption exponent, and d the decryption exponent. The pair ⟨N, e⟩ is the public key. As its name suggests, it is public and is used to encrypt messages. The pair ⟨N, d⟩ is called the secret key or private key and is known only to the recipient of encrypted messages. The secret key enables decryption of ciphertexts. A message is an integer M ∈ Z_N^*. To encrypt M, one computes C = M^e mod N. To decrypt the ciphertext, the legitimate receiver computes C^d mod N. Indeed, C^d = M^(ed) = M mod N,
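The abstract above gives the textbook RSA setup: N = pq, ed ≡ 1 (mod φ(N)), C = M^e mod N and M = C^d mod N. The Python below is an added example, not code from Boneh's paper, that carries that setup through end to end and also checks the property that makes raw RSA unsafe to use without padding (the reason schemes such as OAEP, cited in the references, exist): ciphertexts of M1 and M2 multiply into a valid ciphertext of M1·M2. The primes P and Q, the exponent 65537 and the sample messages are constructed toy values; the abstract's realistic size is 512-bit factors, which these are far from.

```python
from math import gcd

# Constructed toy parameters: two known primes, orders of magnitude smaller than
# the 512-bit factors the abstract describes, chosen so the arithmetic is readable.
P = 1_000_000_007
Q = 998_244_353
E = 65_537  # common choice of encryption exponent (2^16 + 1)


def keygen(p=P, q=Q, e=E):
    """Return ((N, e), (N, d)): the public key and the private key.

    phi(N) = (p-1)(q-1) is the order of Z_N^*; d is the inverse of e modulo phi(N).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(N)")
    d = pow(e, -1, phi)  # e*d == 1 (mod phi(N)); modular inverse needs Python 3.8+
    return (n, e), (n, d)


def encrypt(pub, m):
    """C = M^e mod N for an integer message M in Z_N."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in Z_N")
    return pow(m, e, n)


def decrypt(priv, c):
    """M = C^d mod N; correct because C^d = M^(ed) = M (mod N)."""
    n, d = priv
    return pow(c, d, n)


def roundtrip(msg: bytes) -> bytes:
    """Encode bytes as an integer, encrypt, decrypt, and decode again."""
    pub, priv = keygen()
    m = int.from_bytes(msg, "big")
    c = encrypt(pub, m)
    m2 = decrypt(priv, c)
    return m2.to_bytes((m2.bit_length() + 7) // 8, "big")


def textbook_rsa_is_multiplicative(m1, m2):
    """Return True when E(m1) * E(m2) mod N equals E(m1 * m2 mod N).

    This always holds for unpadded RSA, so an attacker who can multiply
    ciphertexts can manipulate plaintexts; randomized padding removes it.
    """
    pub, _ = keygen()
    n, _ = pub
    lhs = (encrypt(pub, m1) * encrypt(pub, m2)) % n
    rhs = encrypt(pub, (m1 * m2) % n)
    return lhs == rhs


if __name__ == "__main__":
    pub, priv = keygen()
    print("N has", pub[0].bit_length(), "bits")
    print("roundtrip:", roundtrip(b"hello"))
    print("multiplicative:", textbook_rsa_is_multiplicative(12345, 67890))
```

The message must be an integer smaller than N; with these toy primes N is about 60 bits, so `roundtrip` only handles a few bytes. Real deployments never encrypt raw integers this way precisely because of the multiplicative property the last function demonstrates.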

References (20)
Carl Pomerance. A Tale of Two Sieves. Biscuits of Number Theory, pp. 85–104 (2009). doi:10.1090/DOL/034/15
Y. Desmedt, A. M. Odlyzko. A Chosen Text Attack on the RSA Cryptosystem and Some Discrete Logarithm Schemes. International Cryptology Conference, vol. 218, pp. 516–522 (1986). doi:10.1007/3-540-39799-X_40
Nicholas Howgrave-Graham. Finding Small Roots of Univariate Modular Equations Revisited. Lecture Notes in Computer Science, pp. 131–142 (1997). doi:10.1007/BFB0024458
Shafi Goldwasser. The Search for Provably Secure Cryptosystems. Cryptology and Computational Number Theory (1990).
Mihir Bellare, Phillip Rogaway. Optimal Asymmetric Encryption. Theory and Application of Cryptographic Techniques, pp. 92–111 (1994). doi:10.1007/BFB0053428
Paul C. Kocher. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. International Cryptology Conference, vol. 1109, pp. 104–113 (1996). doi:10.1007/3-540-68697-5_9
Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone. Handbook of Applied Cryptography (1996).
Wiebren de Jonge, David Chaum. Attacks on Some RSA Signatures. International Cryptology Conference, pp. 18–27 (1985). doi:10.1007/3-540-39799-X_3
Daniel Bleichenbacher. Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1. International Cryptology Conference, pp. 1–12 (1998). doi:10.1007/BFB0055716
Dan Boneh, Richard A. DeMillo, Richard J. Lipton. On the Importance of Checking Cryptographic Protocols for Faults. Theory and Application of Cryptographic Techniques, pp. 37–51 (1997). doi:10.1007/3-540-69053-0_4