52 Things: Number 10: What is the difference between the RSA and strong-RSA problem?
This is the latest in a series of blog posts to address the list of '52 Things Every PhD Student Should Know To Do Cryptography': a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year. This blog post introduces the RSA and Strong-RSA problems and highlights the differences between the two.
Cryptography relies heavily on the assumption that certain mathematical problems are hard to solve in a realistic amount of time. When looking at Public-Key (Asymmetric) Cryptography, which is what we'll be focusing on in this blog post, we use the assumed existence of one-way functions, i.e. functions that are easy to compute in one direction but difficult to invert. We use problems from algorithmic number theory to produce these functions.
Factoring
The first difficult problem from number theory to talk about is factoring. Given a composite integer $N$, the factoring problem is to find positive integers $p, q$ such that $N = pq$. Although on the face of it this seems like a very simple problem, it is in fact a very tough, well-studied problem. It can be solved in exponential time by checking all the numbers $p = 2, \ldots, \sqrt{N}$. However, solving a problem in exponential time is not fast enough. No polynomial-time algorithm has been developed to solve the factoring problem, despite many years of research. Clearly there are examples of $N$ for which this is very easy to solve, for example whenever $N$ is even. Therefore, when starting to think about using this in a cryptographic construction, we consider $N$ to be very large and constructed from two large primes $p, q$.
The RSA Problem
In RSA public-key encryption [1], Alice encrypts a plaintext $M$ under Bob's public key $(n, e)$ to obtain the ciphertext $C = M^e \pmod{n}$, where $n$ is the product of two large primes and $e \geq 3$ is an odd integer that is coprime to the order of $\mathbb{Z}_n^*$, the group of invertible elements of $\mathbb{Z}_n$. Bob knows the private key $(n, d)$, where $de \equiv 1 \pmod{(p-1)(q-1)}$, meaning he can compute $M = C^d \pmod{n}$. An adversary can eavesdrop on $C$ and can know the public key $(n, e)$; however, to calculate $M$ the adversary must find the factors of $n$. This means the RSA problem is no harder than integer factorisation, but it is still a very hard problem to solve provided a suitable $n$ is chosen.
The Strong RSA Assumption
The strong RSA assumption differs from the RSA assumption in that the adversary can choose the (odd) public exponent $e \geq 3$. The adversary's task is to compute the plaintext $M$ from the ciphertext, given that $C = M^e \pmod{n}$. This is at least as easy as the RSA problem, meaning that the strong RSA assumption is, unsurprisingly, a stronger assumption. The RSA problem is now over a quarter of a century old. Public key encryption schemes have been developed that derive their strength fully from the RSA problem.
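The chain of problems described above, as an added example that is not part of the original post: factoring by trial division gives an RSA solver, and any RSA solver gives a strong-RSA solver because the solver is free to pick its own exponent. The function names and the toy modulus are constructed for illustration; the modulus is far too small to be secure.

```python
from math import gcd, isqrt

def trial_division(n):
    """Factor n = p*q by checking p = 2..sqrt(n); exponential in the bit length of n."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n is prime")

def solve_rsa(n, e, c):
    """RSA problem: n, e and C are all fixed by the challenger; recover M."""
    p, q = trial_division(n)          # only feasible because n is a toy modulus
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)               # de = 1 mod (p-1)(q-1)
    return pow(c, d, n)               # M = C^d mod n

def solve_strong_rsa(n, c, rsa_solver=solve_rsa):
    """Strong RSA problem: only n and C are fixed; the solver picks its own odd e >= 3.
    Any RSA solver yields a strong-RSA solver: choose an e and hand it over."""
    for e in range(3, 2**16, 2):
        try:
            m = rsa_solver(n, e, c)
        except ValueError:
            continue                  # this e was unusable, choose another
        if pow(m, e, n) == c:
            return m, e
    raise ValueError("no exponent found")

def is_strong_rsa_solution(n, c, m, e):
    """Check a claimed pair (M, e): e odd, e >= 3 and M^e = C mod n."""
    return e >= 3 and e % 2 == 1 and pow(m, e, n) == c % n

# Constructed toy instance (assumed values, not secure).
P, Q = 1009, 1013
N = P * Q
E = 65537
M = 424242
C = pow(M, E, N)

if __name__ == "__main__":
    print("RSA solution:", solve_rsa(N, E, C))
    print("Strong-RSA solution (M, e):", solve_strong_rsa(N, C))
```

The strong-RSA solver returns a fifth root of C rather than the original plaintext under e = 65537: both pairs are valid answers to the strong-RSA problem, which is why it is at least as easy as the RSA problem.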