Definition
Given an RSA public key (n, e) and a ciphertext C, the RSA Problem is to find a message M such that
Theory
In RSA public-key encryption [30], Alice encrypts a plaintext M for Bob using Bob’s encryption key (n, e) by computing the ciphertext
where n, the modulus, is the product of two or more large primes, and e, the public exponent, is an (odd) integer \(e \geq 3\) that is relatively prime to ϕ(n), the order of the multiplicative group \({\mathbf{ Z}}_{n}^{{_\ast}}\). (Refer Euler’s totient function, modular arithmetic for background on these concepts.) Bob, who knows the corresponding RSA decryption key (n, d), can easily decrypt since \(\mathit{de} = 1(\textrm{ mod}\phi (n))\) implies that
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Recommended Reading
Alexi WB, Chor B, Goldreich O, Schnorr CP (1984) RSA/Rabin bits are \(1/2 + 1/\mathit{poly}(\log (N))\) secure. In: Proceedings of FOCS’84, Singer Island. IEEE, pp 449–457
Alexi WB, Chor B, Goldreich O, Schnorr CP (1988) RSA and Rabin functions: certain parts are as hard as the whole. SIAM J Comput 17(2):194–209
Barić N, Pfitzmann B (1997) Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy W (ed) Advances in cryptology – EUROCRYPT’97. Lecture notes in computer science, vol 1233. Springer, Berlin, pp 480–494
Bellare M, Desai A, Pointcheval D, Rogaway P (1998) Relations among notions of security for public-key encryption. In: Krawczyk H (ed) Advances in cryptology – CRYPTO’98. Lecture notes in computer science, vol 1462. Springer, Berlin, pp 26–45
Bellare M, Rogaway P (1996) Optimal asymmetric encryption – how to encrypt with RSA. In: DeSantis A (ed) Advances in cryptology – EUROCRYPT’94. Lecture notes in computer science, vol 950. Springer, Berlin, pp 92–111
Bellare M, Rogaway P (1996) The exact security of digital signatures – how to sign with RSA and Rabin. In: Maurer U (ed) Advances in cryptology – EUROCRYPT’96. Lecture notes in computer science, vol 1070. Springer, Berlin, pp 399–416
Bleichenbacher D (1988) Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk H (ed) Advances in cryptology – CRYPTO’98. Lecture notes in computer science, vol 1462. Springer, Berlin, pp 1–12
Boneh D, Durfee G (2000) Cryptanalysis of RSA with private key d less than N 0. 292. IEEE Trans Inform Theory 46(4):1339–1349
Boneh D, Venkatesan R (1988) Breaking RSA may not be equivalent to factoring. In: Nyberg K (ed) Advances in cryptology – EUROCRYPT’98. Lecture notes in computer science, vol 1403. Springer, Berlin, pp 59–71
Boneh D (1999) Twenty years of attacks on the RSA cryptosystem. Not Am Math Soc 46(2):203–213
Chor B, Goldreich O (1985) RSA/Rabin least significant bits are \(1/2 + 1/\mathit{poly}(\log \ \mathrm{n})\) secure. In: Blakley GR, Chaum DC (eds) Advances in cryptology – CRYPTO’84. Lecture notes in computer science, vol 196. Springer, Berlin, pp 303–313
Coppersmith D, Franklin M, Patarin J, Reiter M (1996) Low-exponent RSA with related messages. In: Maurer V (ed) Advances in cryptography – EUROCRYPT’96. Lecture notes in computer science, vol 1070. Springer, Berlin, pp 1–9
Cramer R, Shoup V (2000) Signature schemes based on the strong RSA assumption. ACM Trans Inform Syst Sec 3(3): 161–185
Davida G (1982) Chosen signature cryptanalysis of the RSA (MIT) public key cryptosystem. Technical report TR-CS-82-2, Deptartment of EECS, University of Wisconsin, Milwaukee
DeLaurentis JM (1984) A further weakness in the common modulus protocol for the RSA cryptoalgorithm. Cryptologia 8:253–259
Desmedt Y, Odlyzko AM (1986) A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes. In: Williams HC (ed) Advances in cryptology – CRYPTO’85. Lecture notes in computer science, vol 218. Springer, Berlin, pp 516–522
Fischlin R, Schnorr C-P (2000) Stronger security proofs for RSA and Rabin bits. J Cryptol 13(2):221–244
Fujisaki E, Okamoto T (1997) Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski BS Jr (ed) Advances in cryptology – CRYPTO’97. Lecture notes in computer science, vol 1294. Springer, Berlin, pp 16–30
Fujisaki E, Okamoto T, Pointcheval D, Stern J (2004) RSA-OAEP is secure under the RSA assumption. J Cryptol 17(2): 81–104
Gennaro R, Halevi S, Rabin T (1999) Secure hash-and-sign signatures without the random oracle. In: Stern J (ed) Advances in cryptography – EUROCRYPT’99. Lecture notes in computer science, vol 1592. Springer, Berlin, pp 123–139
Goldwasser S, Micali S, Tong P (1982) Why and how to establish a private code on a public network. In: Proceedings of the FOCS’82, IEEE, Chicago, pp 134–144
Håstad J (1988) Solving simultaneous modular equations of low degree. SIAM J Comput 17:336–341
Håstad J, Näslund M (1998) The security of individual RSA bits. In: IEEE symposium on foundations of computer science, Palo Alto, pp 510–521
Katzenbeisser S (2001) Recent advances in RSA cryptography. Kluwer, Norwell
Lenstra AK, Lenstra HW Jr, Lovász L (1982) Factoring polynomials with rational coefficients. Mathematische Ann 261: 513–534
Manger J (2001) A chosen ciphertext attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as standardized in PKCS #1 v2.0. In: Kilian J (ed) Advances in cryptology – CRYPTO 2001. Lecture notes in computer science, vol 2139. Springer, Berlin, pp 260–274
Miller GL (1976) Riemann’s hypothesis and tests for primality. J Comput Syst Sci 13(3):300–317
Motwani R, Raghavan P (1995) Randomized algorithms. Cambridge University Press, Cambridge
Okamoto T, Pointcheval D (2001) REACT: rapid enhanced-security asymmetric cryptosystem transform. In: Naccache D (ed) Proceedings cryptographers’ track RSA conference (CT-RSA) 2001. Lecture notes in computer science, vol 2020. Springer, Berlin, pp 159–175
Rivest RL, Shamir A, Adleman LM (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126
Shoup V (2001) A proposal for an ISO standard for public key encryption (version 2.1). Manuscript, December 20. http://shoup.net/papers/
Vazirani U, Vazirani V (1984) RSA bits are.\(732 + \epsilon \) secure. In: Chaum D (ed) Proceedings of the CRYPTO’83. Plenum, New York, pp 369–375
Wiener M (1990) Cryptanalysis of short RSA secret exponents. IEEE Trans Inform Theory 36(3):553–558
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer Science+Business Media, LLC
About this entry
Cite this entry
Rivest, R.L., Kaliski, B. (2011). RSA Problem. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_475
Download citation
DOI: https://doi.org/10.1007/978-1-4419-5906-5_475
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5
eBook Packages: Computer ScienceReference Module Computer Science and Engineering