Professional Documents
Culture Documents
RSA in Prac4ce: Public Key Encryp4on From Trapdoor Permuta4ons
RSA in Prac4ce: Public Key Encryp4on From Trapdoor Permuta4ons
RSA in prac4ce
Dan Boneh
( gcd(e, (N) ) = 1)
Encryp4on: 17 mul4plica4ons
Key
lengths
Security
of
public
key
system
should
be
comparable
to
security
of
symmetric
cipher:
RSA
Cipher
key-size
Modulus
size
80 bits
1024 bits
128 bits
3072 bits
15360 bits
Dan
Boneh
Implementa4on
a]acks
Timing
a2ack:
[Kocher
et
al.
1997]
,
[BB04]
The
4me
it
takes
to
compute
cd
(mod
N)
can
expose
d
Power
a2ack:
[Kocher
et
al.
1999)
The
power
consump4on
of
a
smartcard
while
it
is
compu4ng
cd
(mod
N)
can
expose
d.
Faults
a2ack:
[BDL97]
A
computer
error
during
cd
(mod
N)
can
expose
d.
A
common
defense::
check
output.
10%
slowdown.
Dan
Boneh
decrypt
mod
p:
xp
=
cd
in
Zp
decrypt
mod
q:
xq
=
cd
in
Zq
combine to get x = cd in ZN
Dan Boneh
Dan Boneh
Further
reading
Why
chosen
ciphertext
security
ma]ers,
V.
Shoup,
1998
Twenty
years
of
a]acks
on
the
RSA
cryptosystem,
D.
Boneh,
No4ces
of
the
AMS,
1999
OAEP
reconsidered,
V.
Shoup,
Crypto
2001
Key
lengths,
A.
Lenstra,
2004
Dan
Boneh
End of Segment
Dan Boneh