RSA & F ACTORING I NTEGERS BY: MIKE NEUMILLER & BRIAN YARBROUGH

INTEGER FACTORIZATION Reducing an integer into its prime components Useful for code breaking RSA uses a semi-prime number to encrypt data Semi-prime number: a number made by the multiplication of two prime numbers

RSA Public Key Cryptosystem Currently used key sizes: 1024 bits to 4096 bits Many versions have been cracked already Largest of which is the 768 bit version (RSA-768) RSA-1024 expected to be cracked in the near future

KEY GENERATION – PUBLIC KEY Public key consists of a semi-prime, n, made from two large prime numbers and an exponent, e. Steps to find n and e: Pick two distinct primes, p and q of similar bit-length Calculate n = p * q Compute φ (n) = (p – 1)(q – 1) Pick an integer e that is coprime with φ (n), such that 1 < e < φ (n) Encryption is c ≡ m e (mod n)

KEY GENERATION – PRIVATE KEY Private key consists of mod n, and an exponent, d. Use e, n and φ (n)) to create the private key. d ≡ e -1 (mod φ (n)) or find d given d ⋅ e ≡ 1 (mod φ (n)) Decode using m ≡ c d (mod n)

HOW DO WE BREAK IT? Private key consists of: mod n and d n is known, so mod n is known, thus d is all we have to find. d is created using: φ (n) and e e is known, so φ (n) is all we have to find now. φ (n) = (p – 1) (q – 1) So now we only need to find p and q n = p * q p and q are both primes, so use Integer Factorization!

FACTORING INTEGERS – THE SIMPLE SOLUTION Trial Division Easily understood, but laborious for the computer. Repeatedly try to divide a number by increasingly larger primes until the full factorization has been found. Similar to the way most humans would probably approach the problem.

EXAMPLE CODE FOR TRIAL DIVISION

int main(int argc, char * argv[]) { unsigned long n = 1; if (argc <= 1) { cout << "Please specify a number to factor: "; cin >> n; cout << endl; } else { n = atol(argv[1]); } cout << "Using Trial Division to calculate the prime factors of “ << n << "...\n" << endl; vector factors = trial_division(n); cout << "Factors found to be: "; for (unsigned int i = 0; i < factors.size(); ++i) { if (i > 0) { cout << ", "; } cout << factors[i]; } cout << endl; return 0; }

std::vector trial_division(unsigned long n) { std::vector factors; if (n == 1) { factors.push_back(1); return factors; } std::vector primes = prime_sieve(sqrt(n) + 1); for (unsigned int i = 0; i < primes.size(); ++i) { if (primes[i] * primes[i] > n) { break; } while (n % primes[i] == 0) { factors.push_back(primes[i]); n /= primes[i]; } } if (n > 1) { factors.push_back(n); } return factors; }

std::vector prime_sieve(unsigned long max) { std::vector is_prime; std::vector primes; is_prime.resize(max + 1, true); for (unsigned long i = 2; i <= max; ++i) { if (!is_prime[i]) { continue; } primes.push_back(i); for (unsigned long j = i * i; j <= max; j += i) { is_prime[j] = false; } } return primes; }

FACTORING INTEGERS – THE PARALLEL SOLUTIONS Quadratic Sieve (QS) Factored RSA-129 on April 2, GB of data was collected over 8 months using computers distributed across the internet. Processing of the collected data took another 45 hours on Bellcore’s MasPar supercomputer. Was fastest known method for traditional computers until the Number Field Sieve was discovered.

FACTORING INTEGERS – THE PARALLEL SOLUTIONS Number Field Sieve (NFS) Fastest known method for factoring Factored RSA-130 on April 10, 1996 All RSA numbers to be factored since have been done with NFS. Factored RSA-768 (232 digits) on December 12, 2009 after more than 2 years of calculations using a state-of-the-art distributed implementation of NFS.

EXAMPLE - RSA-768 FACTORED RSA-768 = When factored, RSA-768 = ×

FACTORING INTEGERS – THE QUANTUM SOLUTION Shor’s Algorithm Formulated in 1994 by Peter Shor. Has already been shown to work Factored 15 in 2001 and again in 2012 Factored 21 in 2012 Runs in polynomial time Substantially faster than all of our current methods!

COMPARING RUNTIMES

REQUIREMENTS FOR SHOR’S ALGORITHM The number must be odd If the number is even, you can always divide by 2 until you get an odd number and then run Shor’s Algorithm. The number must be a composite number This can be tested by simply checking if the number is already a prime The number must not be a power of a prime This is checked for by checking the square, cubic, …, k-roots of N where k ≤ log 2 (n)

HOW SHOR’S ALGORITHM WORKS Consists of two parts A reduction of the factoring problem to the problem of order-finding problem. This part simply turns the factoring problem into the problem of find the period of a function. This part can be done on a classical computer! A quantum algorithm to solve the order-finding problem. This part finds the period using the Quantum Fourier transform. This part is responsible for the incredible speedup of Shor’s Algorithm compared to our current methods.

INTEGER FACTORIZATION ALGORITHMS (RECAP) Trial Division Easily understood, but laborious for the computer. Quadratic Sieve (QS) Factored RSA-129 on April 2, 1994 after more than 8 months of calculations. Second fastest known method for traditional computers. Number Field Sieve (NFS) Fastest known method for factoring. Factored RSA-768 (232 digits) on December 12, 2009 after more than 2 years of calculations. Shor’s Algorithm Bad news for the RSA encryption if we get a quantum computer of capable of running it for large numbers.

QUESTIONS?