Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...
Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...
Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Chapter 2: Mathematical Preliminaries 16<br />
space complexity, one may need to refer back to the basic definitions <strong>of</strong> asymptotic<br />
notations at the beginning <strong>of</strong> this chapter.<br />
1<br />
2<br />
3<br />
4<br />
5<br />
6<br />
Generate randomly two large primes p,q;<br />
Compute N = pq,φ(N) = (p−1)(q −1);<br />
Generate e randomly such that gcd(e,φ(N)) = 1;<br />
Compute d such that ed ≡ 1 (mod φ(N));<br />
Encryption: m ↦→ m e mod N;<br />
Decryption: c ↦→ c d mod N;<br />
Algorithm 1: Implementing <strong>RSA</strong> [126].<br />
Primality Testing<br />
In Step 1 <strong>of</strong> Algorithm 1, one needs to generate large random primes p,q. This is<br />
done by generating large random numbers and thereafter testing those for primality.<br />
This approach works well due to the Prime Number Theorem (PNT) [126].<br />
Theorem 2.5 (PNT). There are approximately N<br />
lnN<br />
primes smaller than N.<br />
In simpler words, the Prime Number Theorem states that on an average, one will<br />
find a prime if he/she chooses lnp many random integers <strong>of</strong> bitsize l p .<br />
The next step is primality test. There are many efficient primality testing algorithms<br />
in practice. One may use the Solovay-Strassen Algorithm [123] or the<br />
Miller-Rabin Algorithm [90,105] for this purpose. The time complexity <strong>of</strong> both<br />
Solovay-Strassen and Miller-Rabin algorithms is O(lp) 3 to test an l p bit integer. For<br />
practical <strong>RSA</strong> instances, l p will be 512 or 1024-bit integers, and hence both the<br />
algorithms work well to test whether a number is prime or not. However, both<br />
are probabilistic algorithms, and in practice Miller-Rabin algorithm fares better<br />
than the Solovay-Strassen algorithm. This is because the probability <strong>of</strong> failure<br />
<strong>of</strong> Miller-Rabin test (at most 4 −k for k different candidates) is much less compared<br />
to the one for Solovay-Strassen (at most 2 −k for k different candidates). If<br />
the Generalized Riemann Hypothesis is true then Miller-Rabin Algorithm can be<br />
run deterministically with time complexity O(lp). 5 There are many more probabilistic<br />
polynomial time primality test algorithms based on elliptic curves, namely<br />
Goldwasser-Kilian [44], Atkin-Morain [6] etc.<br />
Finding a deterministic polynomial time primality test was a open question<br />
for a long period. In 2002, Agrawal, Kayal and Saxena [3] proposed a determin-