The RSA encryption setup begins by finding two large prime numbers. These numbers are kept secret, but their product is made public. We discuss below just how difficult it is to recover two large primes from knowing their product.
Suppose two people share one prime. That is, one person chooses primes p and q and the other chooses p and r, and q ≠ r. Then you can easily find p. All three primes can be obtained in less than a millisecond as illustrated by the Python script below. Nearly all the time required to run the script is devoted to finding the primes, so we time just the factorization.
from secrets import randbits from sympy import nextprime, gcd from timeit import default_timer as timer numbits = 2048 p = nextprime(randbits(numbits)) q = nextprime(randbits(numbits)) r = nextprime(randbits(numbits)) m = p*q n = p*r t0 = timer() g = gcd(m, n) assert(p == g) assert(q == m//p) assert(r == n//p) t1 = timer() # Print time in milliseconds print(1000*(t1 - t0))
Python notes
There are a few noteworthy things about the Python code.
First, it uses a cryptographic random number generator, not the default generator, to create 2048-bit random numbers.
Second, it uses the portable default_timer
which chooses the appropriate timer on different operating systems. Note that it returns wall clock time, not CPU time.
Finally, it uses integer division //
to recover q and r. If you use the customary division operator Python will carry out integer division and attempt to cast the result to a float, resulting in the error message “OverflowError: integer division result too large for a float.”
GCD vs factoring
If you wanted to find the greatest common divisor of two small numbers by hand, you’d probably start by factoring the two numbers. But as Euclid knew, you don’t have to factor two numbers before you can find the greatest common factor of the numbers. For large numbers, the Euclidean algorithm is orders of magnitude faster than factoring.
Nobody has announced being able to factor a 1024 bit number yet. The number m and n above have four times as many bits. The largest of the RSA numbers factored so far has 768 bits. This was done in 2009 and took approximately two CPU millennia, i.e. around 2000 CPU years.
Related posts
from Planet Python
via read more
No comments:
Post a Comment