首页 > 其他分享 >52 Things: Number 10: What is the difference between the RSA and strong-RSA problem?

52 Things: Number 10: What is the difference between the RSA and strong-RSA problem?

时间:2024-04-11 12:55:06浏览次数:27  
标签:10 What RSA 52 nbsp problem minus mod

52 Things: Number 10: What is the difference between the RSA and strong-RSA problem?

52 件事: 数字 10:RSA 和强 RSA 问题有什么区别? This is the latest in a series of blog posts to address the list of '52 Things Every PhD Student Should Know To Do Cryptography': a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year. This blog post introduces the RSA and Strong-RSA problems and highlights the differences between the two.
这是一系列博客文章中的最新一篇,旨在解决“每个博士生都应该知道的 52 件事来做密码学”列表:一组问题,旨在让博士生在第一年结束时了解他们应该知道什么。这篇博文介绍了 RSA 和 Strong-RSA 问题,并重点介绍了两者之间的区别。



Cryptography relies heavily on the assumption that certain mathematical problems are hard to solve in a realistic amount of time. When looking at Public-Key (Asymmetric) Cryptography, which is what we'll be focusing on in this blog post we use the assumed existence of One-Way functions, i.e. functions that are easy to compute one way but are difficult to invert. We use problems from algorithmic number theory to produce these functions.
密码学在很大程度上依赖于这样的假设,即某些数学问题很难在现实的时间内解决。在查看公钥(非对称)密码学时,我们将在本博客文章中重点介绍的内容,我们使用单向函数的假设存在,即易于单向计算但难以反转的函数。我们使用算法数论中的问题来产生这些函数。   Factoring 保 理   The first difficult problem from number theory to talk about is factoring. Given a composite integer <span id="MathJax-Span-2" class="mrow"><span id="MathJax-Span-3" class="mi">N the factoring problem is to find positive integers <span id="MathJax-Span-5" class="mrow"><span id="MathJax-Span-6" class="mi">p<span id="MathJax-Span-7" class="mo">,<span id="MathJax-Span-8" class="mi">q such that <span id="MathJax-Span-10" class="mrow"><span id="MathJax-Span-11" class="mi">N<span id="MathJax-Span-12" class="mo">=<span id="MathJax-Span-13" class="mi">p<span id="MathJax-Span-14" class="mi">q. Although on the face of it this seems like a very simple problem, this is in fact a very tough, well studied problem. This can be solved in exponential time by checking all the numbers <span id="MathJax-Span-16" class="mrow"><span id="MathJax-Span-17" class="mi">p<span id="MathJax-Span-18" class="mo">=<span id="MathJax-Span-19" class="mn">2<span id="MathJax-Span-20" class="mo">,<span id="MathJax-Span-21" class="mo">&hellip;<span id="MathJax-Span-22" class="mo">,<span id="MathJax-Span-23" class="msqrt"><span id="MathJax-Span-24" class="mrow"><span id="MathJax-Span-25" class="mi">N&minus;&minus;&radic;. However, solving a problem in exponential time is not fast enough. No polynomial time algorithm has been developed to solve the factoring problem, despite many years of research. Clearly there are examples of <span id="MathJax-Span-27" class="mrow"><span id="MathJax-Span-28" class="mi">N for which this is very easy to solve, for example whenever <span id="MathJax-Span-30" class="mrow"><span id="MathJax-Span-31" class="mi">N is even. Therefore, when starting to think about using this in a Cryptographic construction we consider <span id="MathJax-Span-33" class="mrow"><span id="MathJax-Span-34" class="mi">N as very large and being constructed by 2 large primes <span id="MathJax-Span-36" class="mrow"><span id="MathJax-Span-37" class="mi">p<span id="MathJax-Span-38" class="mo">,<span id="MathJax-Span-39" class="mi">q. 
数论中要讨论的第一个难题是因式分解。给定一个复合整数 <span id="MathJax-Span-2" class="mrow"><span id="MathJax-Span-3" class="mi">N ,分解问题是找到 <span id="MathJax-Span-5" class="mrow"><span id="MathJax-Span-6" class="mi">p<span id="MathJax-Span-7" class="mo">,<span id="MathJax-Span-8" class="mi">q 正整数,使得 <span id="MathJax-Span-10" class="mrow"><span id="MathJax-Span-11" class="mi">N<span id="MathJax-Span-12" class="mo">=<span id="MathJax-Span-13" class="mi">p<span id="MathJax-Span-14" class="mi">q .虽然从表面上看,这似乎是一个非常简单的问题,但实际上这是一个非常棘手、经过充分研究的问题。这可以通过检查所有数字 <span id="MathJax-Span-16" class="mrow"><span id="MathJax-Span-17" class="mi">p<span id="MathJax-Span-18" class="mo">=<span id="MathJax-Span-19" class="mn">2<span id="MathJax-Span-20" class="mo">,<span id="MathJax-Span-21" class="mo">&hellip;<span id="MathJax-Span-22" class="mo">,<span id="MathJax-Span-23" class="msqrt"><span id="MathJax-Span-24" class="mrow"><span id="MathJax-Span-25" class="mi">N&minus;&minus;&radic; 在指数时间内解决。然而,在指数时间内解决问题还不够快。尽管进行了多年的研究,但尚未开发出多项式时间算法来解决因式分解问题。显然,有一些例子 <span id="MathJax-Span-27" class="mrow"><span id="MathJax-Span-28" class="mi">N 很容易解决,例如,只要 <span id="MathJax-Span-30" class="mrow"><span id="MathJax-Span-31" class="mi">N 是偶数。因此,当开始考虑在加密结构中使用它时,我们认为 <span id="MathJax-Span-33" class="mrow"><span id="MathJax-Span-34" class="mi">N 它非常大,并且由 2 个大素数构造 <span id="MathJax-Span-36" class="mrow"><span id="MathJax-Span-37" class="mi">p<span id="MathJax-Span-38" class="mo">,<span id="MathJax-Span-39" class="mi">q 。   The RSA Problem RSA 问题

In RSA public-key encryption [1] Alice encrypts a plaintext <span id="MathJax-Span-41" class="mrow"><span id="MathJax-Span-42" class="mi">M using Bob's public key <span id="MathJax-Span-44" class="mrow"><span id="MathJax-Span-45" class="mo">(<span id="MathJax-Span-46" class="mi">n<span id="MathJax-Span-47" class="mo">,<span id="MathJax-Span-48" class="mi">e<span id="MathJax-Span-49" class="mo">) to ciphertext <span id="MathJax-Span-51" class="mrow"><span id="MathJax-Span-52" class="mi">C by <span id="MathJax-Span-54" class="mrow"><span id="MathJax-Span-55" class="mi">C<span id="MathJax-Span-56" class="mo">=<span id="MathJax-Span-57" class="msubsup"><span id="MathJax-Span-58" class="mi">M<span id="MathJax-Span-59" class="mi">e<span id="MathJax-Span-60" class="mo">(<span id="MathJax-Span-61" class="texatom"><span id="MathJax-Span-62" class="mrow"><span id="MathJax-Span-63" class="mtext">mod&nbsp;<span id="MathJax-Span-64" class="mi">n<span id="MathJax-Span-65" class="mo">) where <span id="MathJax-Span-67" class="mrow"><span id="MathJax-Span-68" class="mi">n is the product of two large primes and <span id="MathJax-Span-70" class="mrow"><span id="MathJax-Span-71" class="mi">e<span id="MathJax-Span-72" class="mo">&ge;<span id="MathJax-Span-73" class="mn">3 is an odd integer that is coprime to the order of <span id="MathJax-Span-75" class="mrow"><span id="MathJax-Span-76" class="msubsup"><span id="MathJax-Span-77" class="texatom"><span id="MathJax-Span-78" class="mrow"><span id="MathJax-Span-79" class="mi">Z<span id="MathJax-Span-80" class="texatom"><span id="MathJax-Span-81" class="mrow"><span id="MathJax-Span-82" class="mo">&lowast;<span id="MathJax-Span-83" class="mi">n, the group of invertible elements of <span id="MathJax-Span-85" class="mrow"><span id="MathJax-Span-86" class="msubsup"><span id="MathJax-Span-87" class="texatom"><span id="MathJax-Span-88" class="mrow"><span id="MathJax-Span-89" class="mi">Z<span id="MathJax-Span-90" class="mi">n. Bob knows the private key <span id="MathJax-Span-92" class="mrow"><span id="MathJax-Span-93" class="mo">(<span id="MathJax-Span-94" class="mi">n<span id="MathJax-Span-95" class="mo">,<span id="MathJax-Span-96" class="mi">d<span id="MathJax-Span-97" class="mo">) where <span id="MathJax-Span-99" class="mrow"><span id="MathJax-Span-100" class="mi">d<span id="MathJax-Span-101" class="mi">e<span id="MathJax-Span-102" class="mo">=<span id="MathJax-Span-103" class="mn">1<span id="MathJax-Span-104" class="mo">(<span id="MathJax-Span-105" class="texatom"><span id="MathJax-Span-106" class="mrow"><span id="MathJax-Span-107" class="mtext">&nbsp;mod&nbsp;<span id="MathJax-Span-108" class="mo">(<span id="MathJax-Span-109" class="mi">p<span id="MathJax-Span-110" class="mo">&minus;<span id="MathJax-Span-111" class="mn">1<span id="MathJax-Span-112" class="mo">)<span id="MathJax-Span-113" class="mo">(<span id="MathJax-Span-114" class="mi">q<span id="MathJax-Span-115" class="mo">&minus;<span id="MathJax-Span-116" class="mn">1<span id="MathJax-Span-117" class="mo">)<span id="MathJax-Span-118" class="mo">) meaning he can compute <span id="MathJax-Span-120" class="mrow"><span id="MathJax-Span-121" class="mi">M<span id="MathJax-Span-122" class="mo">=<span id="MathJax-Span-123" class="msubsup"><span id="MathJax-Span-124" class="mi">C<span id="MathJax-Span-125" class="mi">d<span id="MathJax-Span-126" class="mo">(<span id="MathJax-Span-127" class="texatom"><span id="MathJax-Span-128" class="mrow"><span id="MathJax-Span-129" class="mtext">mod&nbsp;<span id="MathJax-Span-130" class="mi">n<span id="MathJax-Span-131" class="mo">). An adversary can eavesdrop <span id="MathJax-Span-133" class="mrow"><span id="MathJax-Span-134" class="mi">C and can know the public key <span id="MathJax-Span-136" class="mrow"><span id="MathJax-Span-137" class="mo">(<span id="MathJax-Span-138" class="mi">n<span id="MathJax-Span-139" class="mo">,<span id="MathJax-Span-140" class="mi">e<span id="MathJax-Span-141" class="mo">) however to calculate <span id="MathJax-Span-143" class="mrow"><span id="MathJax-Span-144" class="mi">M the adversary must find the factors of <span id="MathJax-Span-146" class="mrow"><span id="MathJax-Span-147" class="mi">n. Therefore, this means the RSA problem is no harder than integer factorisation but is still a very hard problem to solve provided a suitable <span id="MathJax-Span-149" class="mrow"><span id="MathJax-Span-150" class="mi">n is chosen. 
在 RSA 公钥加密 [1] 中,Alice 使用 Bob 的公钥 <span id="MathJax-Span-44" class="mrow"><span id="MathJax-Span-45" class="mo">(<span id="MathJax-Span-46" class="mi">n<span id="MathJax-Span-47" class="mo">,<span id="MathJax-Span-48" class="mi">e<span id="MathJax-Span-49" class="mo">) 对明 <span id="MathJax-Span-51" class="mrow"><span id="MathJax-Span-52" class="mi">C 文 <span id="MathJax-Span-41" class="mrow"><span id="MathJax-Span-42" class="mi">M 进行加密, <span id="MathJax-Span-54" class="mrow"><span id="MathJax-Span-55" class="mi">C<span id="MathJax-Span-56" class="mo">=<span id="MathJax-Span-57" class="msubsup"><span id="MathJax-Span-58" class="mi">M<span id="MathJax-Span-59" class="mi">e<span id="MathJax-Span-60" class="mo">(<span id="MathJax-Span-61" class="texatom"><span id="MathJax-Span-62" class="mrow"><span id="MathJax-Span-63" class="mtext">mod&nbsp;<span id="MathJax-Span-64" class="mi">n<span id="MathJax-Span-65" class="mo">) 其中 <span id="MathJax-Span-67" class="mrow"><span id="MathJax-Span-68" class="mi">n 是两个大素数的乘积, <span id="MathJax-Span-70" class="mrow"><span id="MathJax-Span-71" class="mi">e<span id="MathJax-Span-72" class="mo">&ge;<span id="MathJax-Span-73" class="mn">3 是一个奇数整数,与 的 <span id="MathJax-Span-75" class="mrow"><span id="MathJax-Span-76" class="msubsup"><span id="MathJax-Span-77" class="texatom"><span id="MathJax-Span-78" class="mrow"><span id="MathJax-Span-79" class="mi">Z<span id="MathJax-Span-80" class="texatom"><span id="MathJax-Span-81" class="mrow"><span id="MathJax-Span-82" class="mo">&lowast;<span id="MathJax-Span-83" class="mi">n 顺序是 的互质数,是 的 <span id="MathJax-Span-85" class="mrow"><span id="MathJax-Span-86" class="msubsup"><span id="MathJax-Span-87" class="texatom"><span id="MathJax-Span-88" class="mrow"><span id="MathJax-Span-89" class="mi">Z<span id="MathJax-Span-90" class="mi">n 可逆元素组。Bob 知道私钥 <span id="MathJax-Span-92" class="mrow"><span id="MathJax-Span-93" class="mo">(<span id="MathJax-Span-94" class="mi">n<span id="MathJax-Span-95" class="mo">,<span id="MathJax-Span-96" class="mi">d<span id="MathJax-Span-97" class="mo">) , <span id="MathJax-Span-99" class="mrow"><span id="MathJax-Span-100" class="mi">d<span id="MathJax-Span-101" class="mi">e<span id="MathJax-Span-102" class="mo">=<span id="MathJax-Span-103" class="mn">1<span id="MathJax-Span-104" class="mo">(<span id="MathJax-Span-105" class="texatom"><span id="MathJax-Span-106" class="mrow"><span id="MathJax-Span-107" class="mtext">&nbsp;mod&nbsp;<span id="MathJax-Span-108" class="mo">(<span id="MathJax-Span-109" class="mi">p<span id="MathJax-Span-110" class="mo">&minus;<span id="MathJax-Span-111" class="mn">1<span id="MathJax-Span-112" class="mo">)<span id="MathJax-Span-113" class="mo">(<span id="MathJax-Span-114" class="mi">q<span id="MathJax-Span-115" class="mo">&minus;<span id="MathJax-Span-116" class="mn">1<span id="MathJax-Span-117" class="mo">)<span id="MathJax-Span-118" class="mo">) 这意味着他可以计算 <span id="MathJax-Span-120" class="mrow"><span id="MathJax-Span-121" class="mi">M<span id="MathJax-Span-122" class="mo">=<span id="MathJax-Span-123" class="msubsup"><span id="MathJax-Span-124" class="mi">C<span id="MathJax-Span-125" class="mi">d<span id="MathJax-Span-126" class="mo">(<span id="MathJax-Span-127" class="texatom"><span id="MathJax-Span-128" class="mrow"><span id="MathJax-Span-129" class="mtext">mod&nbsp;<span id="MathJax-Span-130" class="mi">n<span id="MathJax-Span-131" class="mo">) 。攻击者可以窃听 <span id="MathJax-Span-133" class="mrow"><span id="MathJax-Span-134" class="mi">C 并可以知道公钥 <span id="MathJax-Span-136" class="mrow"><span id="MathJax-Span-137" class="mo">(<span id="MathJax-Span-138" class="mi">n<span id="MathJax-Span-139" class="mo">,<span id="MathJax-Span-140" class="mi">e<span id="MathJax-Span-141" class="mo">) ,但是要计算 <span id="MathJax-Span-143" class="mrow"><span id="MathJax-Span-144" class="mi">M 攻击者必须找到 <span id="MathJax-Span-146" class="mrow"><span id="MathJax-Span-147" class="mi">n 的因子。因此,这意味着 RSA 问题并不比整数分解更难,但只要选择合适的 <span id="MathJax-Span-149" class="mrow"><span id="MathJax-Span-150" class="mi">n 问题,它仍然是一个非常难以解决的问题。
The Strong RSA Assumption
强大的 RSA 假设


The strong RSA assumption differs from the RSA assumption in that the adversary can choose the (odd) public exponent <span id="MathJax-Span-152" class="mrow"><span id="MathJax-Span-153" class="mi">e<span id="MathJax-Span-154" class="mo">&ge;<span id="MathJax-Span-155" class="mn">3. The adversary's task is to compute the plaintext <span id="MathJax-Span-157" class="mrow"><span id="MathJax-Span-158" class="mi">M from the ciphertext given that <span id="MathJax-Span-160" class="mrow"><span id="MathJax-Span-161" class="mi">C<span id="MathJax-Span-162" class="mo">=<span id="MathJax-Span-163" class="msubsup"><span id="MathJax-Span-164" class="mi">M<span id="MathJax-Span-165" class="mi">e<span id="MathJax-Span-166" class="mo">(<span id="MathJax-Span-167" class="texatom"><span id="MathJax-Span-168" class="mrow"><span id="MathJax-Span-169" class="mtext">mod&nbsp;<span id="MathJax-Span-170" class="mi">n<span id="MathJax-Span-171" class="mo">). This is at least as easy as the RSA problem meaning that the strong RSA assumption is, unsurprisingly, a stronger assumption. The RSA problem is now over a quarter of a century old. Public key encryption schemes have been developed that derive their strength fully from the RSA problem.
强 RSA 假设与 RSA 假设的不同之处在于,攻击者可以选择(奇数)公共指数 <span id="MathJax-Span-152" class="mrow"><span id="MathJax-Span-153" class="mi">e<span id="MathJax-Span-154" class="mo">&ge;<span id="MathJax-Span-155" class="mn">3 。攻击者的任务是从密文中计算明文 <span id="MathJax-Span-157" class="mrow"><span id="MathJax-Span-158" class="mi">M ,因为 <span id="MathJax-Span-160" class="mrow"><span id="MathJax-Span-161" class="mi">C<span id="MathJax-Span-162" class="mo">=<span id="MathJax-Span-163" class="msubsup"><span id="MathJax-Span-164" class="mi">M<span id="MathJax-Span-165" class="mi">e<span id="MathJax-Span-166" class="mo">(<span id="MathJax-Span-167" class="texatom"><span id="MathJax-Span-168" class="mrow"><span id="MathJax-Span-169" class="mtext">mod&nbsp;<span id="MathJax-Span-170" class="mi">n<span id="MathJax-Span-171" class="mo">) .这至少和 RSA 问题一样简单,这意味着不出所料,强 RSA 假设是一个更强的假设。RSA问题现在已经有四分之一个世纪的历史了。已经开发了公钥加密方案,这些方案完全从RSA问题中获得了优势。

标签:10,What,RSA,52,nbsp,problem,minus,mod
From: https://www.cnblogs.com/3cH0-Nu1L/p/18104691

相关文章

  • 4.10
    来简述一下最近几天发生的事吧大概前天还是昨天,在踢球的时候,发球正好开到了一个系鞋带的同级同学头上。然后连忙道歉,结果还是被别人拽住了双手,步步逼近。呜呜呜当时真的是给吓傻了,倒不是说我真的怕他,只是没见识过这么急的人,直接给我吓傻了,一句话都没说就愣在那被别人抓着手往后推......
  • iPad手绘+Ai二合一课程,Procreate+Mj+SD零基础到精通(10节视频课)
    课程内容:1系统课AI辅助设计流-从零进阶轻松驾驭AI设计,mp42商务沟通阶段ChatGPTMidjourney-聊天机器人项目调研资料收集,mp43_商务沟通阶段ChatGPT_Midjourney-Midjourney基础界面初识初步设置.mp44_商务沟通阶段ChatGPT_Midjourney-Midjourney基础Prompt结......
  • 找汽车之家打广告一般需要多少钱?CloudKOL为您准备1000+汽车自媒体资源
    CloudKOL汽车自媒体广告投放价格指南汽车之家作为国内知名的汽车资讯平台之一,拥有大量的汽车爱好者和潜在消费者用户群体,是众多汽车品牌进行广告投放的首选平台之一。在进行广告投放前,了解汽车之家广告投放的价格是非常重要的。下面是CloudKOL为您准备的汽车之家广告投放价格......
  • Cisco NX-OS Software Release 10.4(3)F - 网络操作系统软件
    CiscoNX-OSSoftwareRelease10.4(3)F-网络操作系统软件NX-OS网络操作系统请访问原文链接:CiscoNX-OSSoftwareRelease10.4(3)F-网络操作系统软件,查看最新版。原创作品,转载请保留出处。作者主页:sysin.orgCiscoNX-OSCiscoNX-OS操作系统助力网络紧跟业务发展步伐......
  • Cisco Nexus 9000 Series Switches, NX-OS Standalone 10.4(3)F and ACI Mode 16.0(5h
    CiscoNexus9000SeriesSwitches,NX-OSStandalone10.4(3)FandACIMode16.0(5h)includeApplicationPolicyInfrastructureController(APIC)Release6.0(5h)请访问原文链接:CiscoNexus9000SeriesSwitches,NX-OSStandalone10.4(3)FandACIMode16.0(5h),查看最......
  • App Store 警告 ITMS-91053: Missing API declaration
    问题:app虽然成功上架AppStore,但是邮件提示了如下警告:解决:解决方法是添加隐私清单文件。参考官方说明:官方文档其它相关链接:StackOverflow中关于这个问题的讨论这位作者分享了如何解决该问题这篇文章提供了解决该问题详细的指南......
  • 10个编程好习惯:优秀程序员的经验分享
    大家好,我是知微!作为一个程序员,写代码就跟厨师做菜一样,如果没有一些好的方法和习惯,做出来的菜肯定又慢又难吃。下面分享一些优秀的编程习惯,用了都说好!1、规范的命名命名是代码清晰度的关键。变量、函数和类的命名需简洁明了,并遵循项目中约定的命名规则,如驼峰命名法或下划线分......
  • 20240410,结构体,通讯录管理系统
    感觉学到现在就是,基础的听了好多遍敲了很多次熟的不得了,但是一开始就没学学会的一直没研究,学会了但是没复习,和新学的没重叠的也忘了,难顶一,结构体属于用户自定义的数据类型,STRUCT类型名称{成员列表}#include<stdio.h>//听男神讲C的时候没有做过这种练习,C也是可以成员不......
  • 2024/4/10
    今天并没有迎来证券的抵抗,白酒、证券、地产依然毫无抵抗的下跌,银行冲高回落以后今天也是跌跌不休,反倒是工程机械板块收红短线上今天炸板率极高,两市4000多股票下跌昨天预测的支撑位反弹并没有来临,反而很多个股跌破支撑,加速下跌,比如北斗星通,青岛啤酒,所以做支撑位的左侧可能并不是......
  • 最优算法100例之38-构建乘积数组
    专栏主页:计算机专业基础知识总结(适用于期末复习考研刷题求职面试)系列文章https://blog.csdn.net/seeker1994/category_12585732.html题目描述给定一个数组A[0,1,...,n-1],请构建一个数组B[0,1,...,n-1],其中B中的元素B[i]=A[0]*A[1]*...*A[i-1]*A[i+1]*...*A[n-1]。不能使用......