Notions for RSA integers
Daniel Loebenberger, Michael N\"usken
TL;DR
This paper analyzes various standards for generating RSA integers, showing that despite differences, the entropy of generated RSA moduli is high and factoring such integers remains computationally hard, supporting their security assumptions.
Contribution
It provides a theoretical framework to compare the entropy of RSA integers generated by different standards and proves their hardness under certain assumptions.
Findings
High entropy of RSA integers across standards
Factoring these integers remains computationally hard
Different generation methods yield similar security levels
Abstract
The key-generation algorithm for the RSA cryptosystem is specified in several standards, such as PKCS#1, IEEE 1363-2000, FIPS 186-3, ANSI X9.44, or ISO/IEC 18033-2. All of them substantially differ in their requirements. This indicates that for computing a "secure" RSA modulus it does not matter how exactly one generates RSA integers. In this work we show that this is indeed the case to a large extend: First, we give a theoretical framework that will enable us to easily compute the entropy of the output distribution of the considered standards and show that it is comparatively high. To do so, we compute for each standard the number of integers they define (up to an error of very small order) and discuss different methods of generating integers of a specific form. Second, we show that factoring such integers is hard, provided factoring a product of two primes of similar size is hard.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsCryptographic Implementations and Security · Cryptography and Residue Arithmetic · Coding theory and cryptography