Skip to main content
SpringerLink
Log in

RSA Problem

  • Reference work entry
Encyclopedia of Cryptography and Security

Related Concepts

Discrete Logarithm Problem; Integer Factoring; RSA Digital Signature Scheme; RSA Public-Key Encryption; Strong RSA Assumption

Definition

Given an RSA public key (n, e) and a ciphertext C, the RSA Problem is to find a message M such that

$$C = {M}^{e}\left (\mathbin{\rm mod}\,\,\,n\right ).$$

Theory

In RSA public-key encryption [30], Alice encrypts a plaintext M for Bob using Bob’s encryption key (n, e) by computing the ciphertext

$$ C = {M}^{e}\left (\mathbin{\rm mod}\,\,\,n\right), $$
(1)

where n, the modulus, is the product of two or more large primes, and e, the public exponent, is an (odd) integer \(e \geq 3\) that is relatively prime to ϕ(n), the order of the multiplicative group \({\mathbf{ Z}}_{n}^{{_\ast}}\). (Refer Euler’s totient function, modular arithmetic for background on these concepts.) Bob, who knows the corresponding RSA decryption key (n, d), can easily decrypt since \(\mathit{de} = 1(\textrm{ mod}\phi (n))\) implies that

$$ M = {C}^{d}\left...

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 799.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 949.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Recommended Reading

  1. Alexi WB, Chor B, Goldreich O, Schnorr CP (1984) RSA/Rabin bits are \(1/2 + 1/\mathit{poly}(\log (N))\) secure. In: Proceedings of FOCS’84, Singer Island. IEEE, pp 449–457

    Google Scholar 

  2. Alexi WB, Chor B, Goldreich O, Schnorr CP (1988) RSA and Rabin functions: certain parts are as hard as the whole. SIAM J Comput 17(2):194–209

    MATH  MathSciNet  Google Scholar 

  3. Barić N, Pfitzmann B (1997) Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy W (ed) Advances in cryptology – EUROCRYPT’97. Lecture notes in computer science, vol 1233. Springer, Berlin, pp 480–494

    Google Scholar 

  4. Bellare M, Desai A, Pointcheval D, Rogaway P (1998) Relations among notions of security for public-key encryption. In: Krawczyk H (ed) Advances in cryptology – CRYPTO’98. Lecture notes in computer science, vol 1462. Springer, Berlin, pp 26–45

    Google Scholar 

  5. Bellare M, Rogaway P (1996) Optimal asymmetric encryption – how to encrypt with RSA. In: DeSantis A (ed) Advances in cryptology – EUROCRYPT’94. Lecture notes in computer science, vol 950. Springer, Berlin, pp 92–111

    Google Scholar 

  6. Bellare M, Rogaway P (1996) The exact security of digital signatures – how to sign with RSA and Rabin. In: Maurer U (ed) Advances in cryptology – EUROCRYPT’96. Lecture notes in computer science, vol 1070. Springer, Berlin, pp 399–416

    Google Scholar 

  7. Bleichenbacher D (1988) Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk H (ed) Advances in cryptology – CRYPTO’98. Lecture notes in computer science, vol 1462. Springer, Berlin, pp 1–12

    Google Scholar 

  8. Boneh D, Durfee G (2000) Cryptanalysis of RSA with private key d less than N 0. 292. IEEE Trans Inform Theory 46(4):1339–1349

    Google Scholar 

  9. Boneh D, Venkatesan R (1988) Breaking RSA may not be equivalent to factoring. In: Nyberg K (ed) Advances in cryptology – EUROCRYPT’98. Lecture notes in computer science, vol 1403. Springer, Berlin, pp 59–71

    Google Scholar 

  10. Boneh D (1999) Twenty years of attacks on the RSA cryptosystem. Not Am Math Soc 46(2):203–213

    MATH  MathSciNet  Google Scholar 

  11. Chor B, Goldreich O (1985) RSA/Rabin least significant bits are \(1/2 + 1/\mathit{poly}(\log \ \mathrm{n})\) secure. In: Blakley GR, Chaum DC (eds) Advances in cryptology – CRYPTO’84. Lecture notes in computer science, vol 196. Springer, Berlin, pp 303–313

    Google Scholar 

  12. Coppersmith D, Franklin M, Patarin J, Reiter M (1996) Low-exponent RSA with related messages. In: Maurer V (ed) Advances in cryptography – EUROCRYPT’96. Lecture notes in computer science, vol 1070. Springer, Berlin, pp 1–9

    Google Scholar 

  13. Cramer R, Shoup V (2000) Signature schemes based on the strong RSA assumption. ACM Trans Inform Syst Sec 3(3): 161–185

    Google Scholar 

  14. Davida G (1982) Chosen signature cryptanalysis of the RSA (MIT) public key cryptosystem. Technical report TR-CS-82-2, Deptartment of EECS, University of Wisconsin, Milwaukee

    Google Scholar 

  15. DeLaurentis JM (1984) A further weakness in the common modulus protocol for the RSA cryptoalgorithm. Cryptologia 8:253–259

    MathSciNet  Google Scholar 

  16. Desmedt Y, Odlyzko AM (1986) A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes. In: Williams HC (ed) Advances in cryptology – CRYPTO’85. Lecture notes in computer science, vol 218. Springer, Berlin, pp 516–522

    Google Scholar 

  17. Fischlin R, Schnorr C-P (2000) Stronger security proofs for RSA and Rabin bits. J Cryptol 13(2):221–244

    MATH  MathSciNet  Google Scholar 

  18. Fujisaki E, Okamoto T (1997) Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski BS Jr (ed) Advances in cryptology – CRYPTO’97. Lecture notes in computer science, vol 1294. Springer, Berlin, pp 16–30

    Google Scholar 

  19. Fujisaki E, Okamoto T, Pointcheval D, Stern J (2004) RSA-OAEP is secure under the RSA assumption. J Cryptol 17(2): 81–104

    MATH  MathSciNet  Google Scholar 

  20. Gennaro R, Halevi S, Rabin T (1999) Secure hash-and-sign signatures without the random oracle. In: Stern J (ed) Advances in cryptography – EUROCRYPT’99. Lecture notes in computer science, vol 1592. Springer, Berlin, pp 123–139

    Google Scholar 

  21. Goldwasser S, Micali S, Tong P (1982) Why and how to establish a private code on a public network. In: Proceedings of the FOCS’82, IEEE, Chicago, pp 134–144

    Google Scholar 

  22. Håstad J (1988) Solving simultaneous modular equations of low degree. SIAM J Comput 17:336–341

    MATH  MathSciNet  Google Scholar 

  23. Håstad J, Näslund M (1998) The security of individual RSA bits. In: IEEE symposium on foundations of computer science, Palo Alto, pp 510–521

    Google Scholar 

  24. Katzenbeisser S (2001) Recent advances in RSA cryptography. Kluwer, Norwell

    MATH  Google Scholar 

  25. Lenstra AK, Lenstra HW Jr, Lovász L (1982) Factoring polynomials with rational coefficients. Mathematische Ann 261: 513–534

    Google Scholar 

  26. Manger J (2001) A chosen ciphertext attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as standardized in PKCS #1 v2.0. In: Kilian J (ed) Advances in cryptology – CRYPTO 2001. Lecture notes in computer science, vol 2139. Springer, Berlin, pp 260–274

    Google Scholar 

  27. Miller GL (1976) Riemann’s hypothesis and tests for primality. J Comput Syst Sci 13(3):300–317

    MATH  Google Scholar 

  28. Motwani R, Raghavan P (1995) Randomized algorithms. Cambridge University Press, Cambridge

    MATH  Google Scholar 

  29. Okamoto T, Pointcheval D (2001) REACT: rapid enhanced-security asymmetric cryptosystem transform. In: Naccache D (ed) Proceedings cryptographers’ track RSA conference (CT-RSA) 2001. Lecture notes in computer science, vol 2020. Springer, Berlin, pp 159–175

    Google Scholar 

  30. Rivest RL, Shamir A, Adleman LM (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126

    MATH  MathSciNet  Google Scholar 

  31. Shoup V (2001) A proposal for an ISO standard for public key encryption (version 2.1). Manuscript, December 20. http://shoup.net/papers/

  32. Vazirani U, Vazirani V (1984) RSA bits are.\(732 + \epsilon \) secure. In: Chaum D (ed) Proceedings of the CRYPTO’83. Plenum, New York, pp 369–375

    Google Scholar 

  33. Wiener M (1990) Cryptanalysis of short RSA secret exponents. IEEE Trans Inform Theory 36(3):553–558

    MATH  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, 77 Massachusetts Avenue, 02139-4307, Cambridge, MA, USA

    Ronald L Rivest (Dr.)

  2. Office of the CTO, EMC Corporation, 176 South Street, 01748, Hopkinton, MA, USA

    Burt Kaliski Jr. (Dr.)

Authors
  1. Ronald L Rivest
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Burt Kaliski Jr.
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Mathematics and Computing Science, Eindhoven University of Technology, 5600 MB, Eindhoven, The Netherlands

    Henk C. A. van Tilborg

  2. Center for Secure Information Systems, George Mason University, Fairfax, VA, 22030-4422, USA

    Sushil Jajodia

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer Science+Business Media, LLC

About this entry

Cite this entry

Rivest, R.L., Kaliski, B. (2011). RSA Problem. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_475

Download citation

Publish with us

Policies and ethics

Search

Navigation