7. Key Length

Public key length

Kim Hyoung-Shick

Contents

1. Introduction

2. Results

Contents

1. Introduction

2. Results

- Is factoring hard ?

- Is factoring in NP ?

- Is factoring NP-complete ?

Questions

- RSA are based on the factoring problem.

- Elgamal are based on the discrete logarit

hm problem.

Today’s dominant public key systems

- Finding key

- Solving the base problem

Brute-force Attack

• One-way function: f() is one way if– For any x, y = f(x) is easy to compute– For any (or almost all) y, it is hard to find an

x such that f(x) = y

• Trapdoor one-way function fs() – given s and y, it is easy to compute an x suc

h that fs(x) = y

Building Public Key Systems

• Quadratic sieve – below 110 bits

• General number field sieve – above

110 bits

• Special number field sieve –

special form

Factoring Algorithm

• RSA Laboratories continues its

sponsorship of the RSA Factoring

Challenge

• To help users of the RSA public-key

cryptosystem in choosing suitable key

lengths for an appropriate level of

security.

New RSA Factoring Challenge

http://www.rsasecurity.com/rsalabs/challenges/factoring/index.html

How much does it cost to factor a large number?

Number Length (bits)

Machines Memory

430 1 trivial

760 215,000 4 Gb

1020 342,000,000 170 Gb

1620 1.6 x 1015 120 Tb

For one year, the machines column is the number of 500 MHz Pentium

New Records

- Factorization of RSA-155 digit (512 bit) by distributed computing, 1999

Recommended Key Length

(Recommendation by RSA Laboratories, RSA Data

Security, Inc.'s research arm)

768-bit and 1024-bit keys as the minimum for

achieving reliable security

• Distributed computing

• DNA computing

• Quantum computing

Future Attacks