Best IT Recipes

RSA and simple generator algorithms

Well, my understanding of RSA's math actions may not be as deep as it should, so feel free to hit me in the head if it's stupid:

To generate the private key, we need two random large primes. There is no algorithm that can do this accurately and efficiently, but there are algorithms that can generate large numbers that have 99.99999 ... (bazillion 9s) ... 999% chance to be simple.

My question is: what happens if the phenomenal blow of failure, when you generate your key, the primary generation algorithm generates non-prime? How does this affect software using this unlucky key?

EDIT: I know that other factors are much more likely sources of poor results on this subject; it's just a purely curious mathematical curiosity.

+11
cryptography rsa primes pki
Nov 11 2018-10-11
source share
5 answers

1. On probabilistic strength tests

A computer is a reliable, deterministic system: for the same input, it will work with the same algorithm with the same output. Will it always be? Nearly. There is such a thing as high-energy particles wandering around the universe, commonly called cosmic rays. When such a particle hits a transistor hidden inside the CPU, it can make it hiccup - basically change its output voltage very quickly, so that during one clock cycle the bit that represents the transistor output is turned upside down.

Now consider a computer that runs a simple generator algorithm that creates random numbers and checks them for simplicity. The primality test is a function that returns a boolean value. At some point, the result (boolean true for "prime", false for non-prime) is a constant value copied to the register. Thus, there is a window with several clock cycles during which this result is a single bit contained in the trigger structure (which consists of 6 transistors).

What, then, is the probability that the cosmic ray will turn this critical bit only in the “right” beat, causing the program to consider that the non-simple is actually simple? This probability is very low. As I said, computers are reliable systems. Nevertheless, this probability can be roughly estimated. It is generally believed that a given processor experiences a scatter of cosmic ray bits once every three months. The Core2 Duo processor contains about 291 million transistors and works (for example, 2.4 GHz). If there is one “critical” transistor, and this transistor is crucial for one clock cycle, then the probability of cosmic rays turning into an odd into an apparent prime is about 1.8 * 10 -24 This is a very optimistic lower bound; in practice, many translators can be turned upside down and imply a failure of the compliance test, and the target time spans several cycles, and the primary generator will examine several tens of primes for each main generation. But let them believe that we are lucky.

A probability of 1.8 * 10 -24 affects each conformance test, whether it is deterministic or not.

An ordinary simple generator will run the Miller-Rabin test with a "confidence" of 2-100 (the test is performed 50 times and has a probability of no more than 0.25 to skip non-prime every time). "100" is arbitrary, but common. This probability is slightly less than 10 -30 . So you have it: the probability of the Miller-Rabin test declaring a simple non-simple is less than the millionth part of the probability of a cosmic ray hitting a transistor, and using the application assumes the number is prime, while the Miller-Rabin test says , it is not so.

In shorter words, if you get non-intersection from a prime number generator, then this is due to a hardware problem such as a cosmic ray, and not to the probabilistic nature of the conformance test.

Having a bad start due to a cosmic ray, this is actually a stroke of very good luck. The probability that an asteroid rushing through space finally falls on your house, burns you for the first second, after which you created your key much higher. I do not know about you, but personally I prefer to have a bad RSA key than being crushed by a falling rock.

2. Bad key

If you use a non-standard RSA key, you get a bad key. A bad key will generate bad signatures: the signature generator will generate a stream of bytes of the correct length, but the signature verifier will declare the signature invalid. Note: in fact, the signature may be valid, with a small probability. Using the "primes" p and q in RSA is akin to the probabilistic primitiveness criterion, just like the Miller-Rabin test. However, there is a possibility that soon the key will turn out to be wrong. Similar behavior will be observed for asymmetric encryption.

It should be noted that the creation of a bad signature or the inability to decrypt a message encrypted with RSA can also occur due to another cosmic ray or even a much more mundane appearance of bad RAM.

The bottom line is that if you are worried about having a bad RSA key, but not about a much more likely hardware failure event (which is inevitable due to cosmic rays, but, fortunately, is not very common in any case), then you get priorities are wrong.

+29
Nov 12 '10 at 0:11
source share

You will immediately notice this: the secret key will be incorrect.

If p or q is composite, you select the public key (usually 65537), calculating the secret key using the advanced Euclidean algorithm: 65537 * x mod n = 1. (where n = (p-1) * (q-1))

But using the secret key x (encrypt (m))! = M In the formula: (m ^ 65537) ^ x mod n! = M

+1
Aug 14 '14 at 8:47
source share

ive found out that you can use rsa like this:

 p = prime
 q = prime
 n = p * q

 phi (n) = phi (p) * phi (q) = p-1 * q-1

But I heard if you make phi from not a single simple one not simple -1 so that it works in the step above (but I can’t say why)

0
Nov 11 '10 at 21:33
source share

If you have true prime numbers, then there are no labels other than brute force. If you are 100% sure, the attacker will not be either. In addition, you can be fairly confident in the algorithms with the primary number that the risk of having a non-standard nunber is less than 1 for the entire key space. Basically, you can statistically verify that your number is simple. In other words, the chances of guessing that this is not a prime should be higher than guessing the right key. It just takes some patience when generating keys.

0
Nov 11 2018-10-11T10:
source share

There is a simple algorithm for determining a large composite - (as always assumed). This is known to the United States and its allies since 1989. It also easily identifies prime numbers.

RSA is also in the know.

-four
Jul 30 '15 at 16:24
source share


More articles:


All Articles