本文介绍了如何利用错误生成的RSA公钥模数N来轻松地进行因式分解。当两个质数p和q非常接近时,可以通过找到它们的算术平均值A并计算x=A^2-N^(1/2)来找到这两个质数。这种方法用于解决挑战性的因式分解任务,并在后续部分展示了如何使用因式分解来解密RSA加密的消息。
问题:
Question 1
Your goal in this project is to break RSA when the public modulus N is generated incorrectly. This should serve as yet another reminder not to implement crypto primitives yourself.
Normally, the primes that comprise an RSA modulus are generated independently of one another. But suppose a developer decides to generate the first prime p by choosing a random number R and scanning for a prime close by. The second prime q is generated by scanning for some other random prime also close to R . We show that the resulting RSA modulus N=pq can be easily factored.
Suppose you are given a composite N and are told that N is a product of two relatively close primes p and q , namely p and q satisfy
|p−q|<2N1/4 (*)
Your goal is to factor N .
Let A be the arithmetic average of the two primes, that is A=p+q2 . Since p and q are odd, we know that p+q is even and therefore A is an integer.
To factor N you first observe that under condition (*) the quantity N−−√ is very close to A . In particular
A−N−−√<1
as shown below. But since
最低0.47元/天 解锁文章
扫一扫
1899
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
