Attacks on RSA: Difference between revisions
imported>Sandy Harris (→TWIRL) |
imported>Sandy Harris |
||
| Line 11: | Line 11: | ||
| volume=36 | | volume=36 | ||
| issue=3 | | issue=3 | ||
| date=May 1990}}</ref> based on [[continued fraction]]s which is effective if the exponent in the secret key is small. | | date=May 1990}}</ref> based on [[continued fraction]]s which is effective if the exponent in the secret key is small. There have since been many papers proposing improvements on or variants of that attack. | ||
== TWIRL == | == TWIRL == | ||
Revision as of 01:07, 14 April 2009
A number of methods have been proposed for attacking the RSA cryptosystem. This article describes them.
Any efficient solution to the integer factorisation problem would break RSA; see the RSA article for discussion. The difficulty with that approach is that no efficient solution is known. Cracking a large (say 1024 bits or more) RSA key with current factoring algorithms is not practical, even with massive parallelism.
Weiner attack
Michael Weiner proposed an attack [1] based on continued fractions which is effective if the exponent in the secret key is small. There have since been many papers proposing improvements on or variants of that attack.
TWIRL
The Weizmann Instiute Relation Locator [2], developed by Adi Shamir (The 'S' in RSA) and Evan Tromer, is a machine designed to speed up the seiving step in the number field seive technique for integer factorisation.
RSA Security have commented [1].
References
- ↑ Wiener, M.J. (May 1990). "Cryptanalysis of short RSA secret exponents".
- ↑ Adi Shamir & Eran Tromer (2003). On the cost of factoring RSA-1024.