A review of RSA encryption. By: John Imboden RSA encryption is a form of public key encryption used in our everyday lives developed by three men named Rivest, Shamir, and Adleman. It's uses include online transactions as well as corporate data security. The most common method of breaking RSA Encryption is by factoring the private key. The security provided by RSA encryption is based on the idea that it is very simple to multiply two numbers together but it is much more difficult to factor a single large number. In order for a computer to factor a number it basically does it by trying most of the possible combinations of factors to produce the desired result. RSA encryption using small numbers is essentially worthless because a computer can brute force factor it relatively quickly. The time it would take to brute force factor a number is described as the order of the size of the square root of the number to be factored. A number that is 10 digits in length may be factored with at most 105(100,000) cycles. If the number being factored has 50 digits in it then the brute force factoring would take roughly 1025 cycles before coming across the correct pair. 161521746670640296426473658228859984306663 144318152681524054709078245736590366297248 377298082656939330673286493230336261991466 938596691073112968626710792148904239628873 374506302653492009810626437582587089465395 941375496004739918498276676334238241465498 030036586063929902368192004233172032080188 726965600617167 That is 309 digits Using the method described earlier to approximate the time required to brute force factor this key, it would take approximately 10154 cycles in order to brute force factor a number that is 1024 bits. Assuming that a computer is capable of performing one million cycles per second it would take 10149 seconds or 3.16142 Years to come up with a solution. At the moment RSA seems to be extremely secure. The main limitation of factoring this is the fact that the number of computational cores are limited to however many are in the CPU of the machine in question. Daniel J. Bernstein, a mathematics professor at University of Illinois, suggested building a machine specifically for factoring using many computational cores much like a graphics card. The idea was to pipeline the information in such a way that the time required for a complete factorization would be significantly reduced. Estimated Time would go from millions of years to a couple minutes based on the number of cores used in the factoring machine. Bernstein’s goal was not to test RSA Security, the Security questions were brought up only after Bernstein’s Paper was published. "While Bernstein's paper suggests some very clever methods for reducing the amount of memory required to break very large RSA keys, his methods are all implementation techniques for the Number Field Sieve, currently the best method for factoring large numbers. The basic number of operations required by the Number Field Sieve, however, is not reduced. Since previous security estimates for 1024-bit RSA keys are based on the number of operations required by the Number Field Sieve, they still apply." Arguments for RSA encryption state that attacks that aim not at RSA itself but at a given insecure implementation of RSA do not count as "breaking RSA" because it is not any weakness in the RSA algorithm that is exploited, but rather a weakness in a specific implementation. How do you store a key that is 300+ digits long? What happens when a newer faster machine comes to the market? What happens if a more efficient algorithm for factoring large integers is discovered? 1) James Tandon "Exploring RSA Encryption in OpenSSL" Sep 25, 2003 <http://www.linuxjournal.com/article/6826> 2) Zvezdelina Stankova-Frenkel "RSA Encryption" Dec 22, 2000 <http://mathcircle.berkeley.edu/BMC3/rsa/node4.html> 3) X5 Networks "Cryptography: What Would it Take to Break RSA?" Apr 28, 2012 <http://x5.net/faqs/crypto/q10.html> 4) Daniel J. Bernstein "Circuits for Integer Factorization: A Proposal" Nov 9, 2001 <http://cr.yp.to/papers/nfscircuit.pdf> 5) Robert D. Silverman "Has the RSA algorithm been compromised as a result of Bernstein's Paper?" Apr 8, 2002 <http://www.rsa.com/rsalabs/node.asp?id=2007> 6) Divesh Aggarwal and Ueli Maurer "Breaking RSA Generically is Equivalent to Factoring" Jan 23, 2009 <ftp://ftp.inf.ethz.ch/pub/crypto/publications/AggMau09.pdf> 7) Michel I. Gallant "How Big are 1024 bit RSA Keys" Feb 16, 2004 <http://www.jensign.com/JavaScience/dotnet/CSPPrimes/index.html>