[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RSA != RSA?

To: Chris Trobridge <CTrobridge@baltimore.com>
Subject: Re: RSA != RSA?
From: Derek Atkins <warlord@mit.edu>
Date: 09 Feb 2001 11:34:56 -0500
Cc: Henry Spencer <henry@spsystems.net>, IP Security List <ipsec@lists.tislabs.com>
In-Reply-To: Chris Trobridge's message of "Fri, 9 Feb 2001 08:59:16 -0000"
References: <F86F34FDF1F9D411B7A40008C74C27B813792E@hhdata3.cdsemea.baltimore.com>
Sender: owner-ipsec@lists.tislabs.com

If I recall correctly, the number of possilble keys is dependent on
the factorization of (p-1)(q-1).  Namely, the more factors you have,
the greater the number of possible keys.  (Note: I might have the
wrong number being factored -- we discussed this in class about 7
years ago and I'm nowhere near my class notes ;)

But basically, IIRC, if you choose p and q as strong primes, such that
both (p-1)/2 and (q-1)/2 are prime, then you will minimize the number
of potential decryption keys to 2.

As a simple example, take p=7,q=5, N=35. You can choose, e.g. e=5, as
5 is relatively prime to (p-1)(q-1) = (6*4) = 24.  You can then show
that either d=11 or d=23 will work to decrypt a message:

	m=5
	c = m^e mod n = 5^5 mod 35 = 10
	m = c^d mod n = 10^11 mod 35 = 5
	              = 10^23 mod 35 = 5

Enjoy,

-derek

Chris Trobridge <CTrobridge@baltimore.com> writes:

> Any idea how many? (just for academic interest)
> 
> Chris
> 
> > -----Original Message-----
> > From: Derek Atkins [mailto:warlord@mit.edu]
> > Sent: 08 February 2001 22:57
> > To: Henry Spencer
> > Cc: IP Security List
> > Subject: Re: RSA != RSA?
> > 
> > 
> > Basically there are multiple decryption keys, d, that are valid for
> > any particular encryption key, e, mod N.  I believe the lcm(p-1,q-1)
> > will force you to generate necessarily one of the multiple d keys.
> > 
> > -derek
> 
> 
> -----------------------------------------------------------------------------------------------------------------
> The information contained in this message is confidential and is intended 
> for the addressee(s) only.  If you have received this message in error or 
> there are any problems please notify the originator immediately.  The 
> unauthorized use, disclosure, copying or alteration of this message is 
> strictly forbidden. Baltimore Technologies plc will not be liable for direct, 
> special, indirect or consequential damages arising from alteration of the 
> contents of this message by a third party or as a result of any virus being 
> passed on.
> 
> In addition, certain Marketing collateral may be added from time to time to 
> promote Baltimore Technologies products, services, Global e-Security or 
> appearance at trade shows and conferences.
>  
> This footnote confirms that this email message has been swept by 
> Baltimore MIMEsweeper for Content Security threats, including
> computer viruses.

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

References:

RE: RSA != RSA?

From: Chris Trobridge <CTrobridge@baltimore.com>

Prev by Date: RE: RSA != RSA?
Next by Date: BOF: IP over Bluetooth for 50th Meeting of IETF.
Prev by thread: RE: RSA != RSA?
Next by thread: BOF: IP over Bluetooth for 50th Meeting of IETF.
Index(es):
- Main
- Thread