7/24/2019 Sa200 Lecture RSA10
2015 5- 1
QSIEVE
p,q
N
p, q
N
RSA
$C^d \bmod n = P$
d p,q .
200- .
QSIEVE . QSIEVE- -
sage .
:
$ apt-add-repository -y ppa:aims/sagemath
$ apt-get update
$ apt-get install sagemath-upstream-binary
$ sage
$ sage: factor(0x0cb74e975c8a776990c14dd589)
$ sage: 965358387774569 * 1043621447459873
QSIEVE-
$N = a^2 - b^2 = (a+b)(a-b)$ .
N a, b a, b
.
FermatFactor(N):
a
QSIEVE
.
a=
N a- . -
.
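$a_1^2 \equiv b_1 \pmod N$ : $a_2^2 \equiv b_2 \pmod N$, $b_1 b_2 = y^2$ .
$\underbrace{a_1^2 a_2^2}_{x^2} \equiv \underbrace{b_1 b_2}_{y^2} \pmod N$ .
$x^2 - y^2 = (x+y)(x-y) = N r$, $a = \gcd(x-y, N)$, $b = \gcd(x+y, N)$ .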
: $N = 1649$
$41^2 \equiv 32$ : $42^2 \equiv 115$ : $43^2 \equiv 200 \pmod{1649}$
$32 = 2^5$ : $200 = 2^3 \cdot 5^2$
$32 \cdot 200 = 2^{5+3} \cdot 5^2 = (2^4 \cdot 5)^2 = 80^2$
$32 \cdot 200 = 80^2 \equiv 41^2 \cdot 43^2 \equiv 114^2 \pmod{1649}$
$\gcd(114 - 80, 1649) \cdot \gcd(114 + 80, 1649) = 17 \cdot 97 = 1649$
p,q
p, q pq .
N
N p, q 0
p, q .
:
N = pq = 10000004400000259 . p, q .
$p = a_1 \cdot 10^{x_1} + a_2 \cdot 10^{x_2} + \dots + a_n \cdot 10^{x_n}$
$q = b_1 \cdot 10^{y_1} + b_2 \cdot 10^{y_2} + \dots + b_n \cdot 10^{y_n}$
0 p, q 2
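$p = a_1 \cdot 10^{x_1} + a_2$, $q = b_1 \cdot 10^{y_1} + b_2$,
$N = a_1 b_1 \cdot 10^{x_1 + y_1} + a_2 b_1 \cdot 10^{y_1} + a_1 b_2 \cdot 10^{x_1} + a_2 b_2$
$a_2 b_2 = 259$,
$a_2 b_1 \cdot 10^{y_1} + a_1 b_2 \cdot 10^{x_1} = 44000\ldots0$,
$a_1 b_1 \cdot 10^{x_1 + y_1} = 1000\ldots0$
$a_2 = 7$, $b_2 = 37$, $a_1 = 1$, $b_1 = 1$
$7 + 37 = 44$, $x_1 = y_1 = 8$ .
$p = 1 \cdot 10^8 + 7$, $q = 1 \cdot 10^8 + 37$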
p, q
$2^p - 1$ . $2^7 - 1 = 127 =$ 0b1111111
. p, q 0 1- .
$N = 127 \cdot 8191 = 1040257 =$ 0b11111101111110000001
000 . . . 001 .
N
N , -
N p, q .
$c_1 \equiv m^{e_1} \pmod n$
$c_2 \equiv m^{e_2} \pmod n$
$\gcd(e_1, e_2) = 1$ $e_1 a + e_2 b = 1$ $a, b$ . .
a, b
$m \equiv c_1^a c_2^b \pmod n = (m^{e_1})^a (m^{e_2})^b \pmod n = m^{e_1 a + e_2 b} \pmod n = m \pmod n = m$
a, b . - . a- .
c1- .
$i = c_1^{-1} \bmod n$
$m = i^{-a} c_2^b \bmod n$
m .
n
$\gcd(n_1, n_2) = p$, $p > 1$, $p \ne n$
n p, q .
$d < \frac{1}{3} N^{\frac{1}{4}}$ .
$\frac{k}{d} > \frac{e}{N}$ .
$k = \frac{ed - 1}{\varphi(N)}$ ,
.
$S = \left\{ \frac{k_1}{d_1}, \frac{k_2}{d_2}, \ldots, \frac{k_r}{d_r} \right\}$
$t_i = \frac{e d_i - 1}{k_i}$ - .
$t_i$
$X^2 - (N - t_i + 1)X + N = 0$ $N$ -
, $t_i = \varphi(N)$ .
Convergents u/v u1/v1- .
219313/427381 = 0.5131557088405896
$x = a_0 + \cfrac{1}{a_1 + \cfrac{1}{a_2 + \cfrac{1}{a_3 + \cfrac{1}{a_4}}}}$
.
a0 0 .
.
$x = [a_0; a_1, a_2, \ldots, a_n]$ .
:
$S = ([a_0;], [a_0; a_1], [a_0; a_1, a_2], [a_0; a_1, a_2, a_3], [a_0; a_1, a_2, a_3, a_4], \ldots)$ .
:
$219313 = 0 \cdot 427381 + 219313$
$427381 = 1 \cdot 219313 + 208068$
$219313 = 1 \cdot 208068 + 11245$
$208068 = 18 \cdot 11245 + 5658$
$11245 = 1 \cdot 5658 + 5587$
$5658 = 1 \cdot 5587 + 71$
$5587 = 78 \cdot 71 + 49$
$71 = 1 \cdot 49 + 22$
$49 = 2 \cdot 22 + 5$
$22 = 4 \cdot 5 + 2$
$5 = 2 \cdot 2 + 1$
$2 = 2 \cdot 1 + 0$
219313/427381 = 0.5131557088405896 = [0; 1, 1, 18, 1, 1, 78, 1, 2, 4, 2, 2]
: $S = \left( \frac{1}{2}, \frac{19}{37}, \frac{20}{39}, \frac{39}{76} \right)$
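The continued-fraction steps above, combined with the $t_i$ and quadratic test from the earlier slides, written as a key-audit check. This is an added example, not code from the original slides; the function names and the toy key ($N = 90581 = 379 \cdot 239$, $e = 17993$) are constructed for illustration.

```python
from math import isqrt

def continued_fraction(num, den):
    """Partial quotients [a0; a1, ..., an] of num/den (Euclidean algorithm)."""
    terms = []
    while den:
        q, r = divmod(num, den)
        terms.append(q)
        num, den = den, r
    return terms

def convergents(terms):
    """Yield the convergents (k, d) of [a0; a1, ...] as numerator/denominator."""
    k_prev, k = 1, terms[0]
    d_prev, d = 0, 1
    yield k, d
    for a in terms[1:]:
        k_prev, k = k, a * k + k_prev
        d_prev, d = d, a * d + d_prev
        yield k, d

def small_d_check(e, n):
    """Return (d, p, q) if a convergent k/d of e/n exposes the key, else None."""
    for k, d in convergents(continued_fraction(e, n)):
        if k == 0 or (e * d - 1) % k:
            continue                      # t = (e*d - 1)/k must be an integer
        t = (e * d - 1) // k              # candidate for phi(N)
        s = n - t + 1                     # equals p + q when t = phi(N)
        disc = s * s - 4 * n              # discriminant of X^2 - s*X + N
        if s <= 0 or disc < 0:
            continue
        root = isqrt(disc)
        if root * root == disc and (s + root) % 2 == 0:
            p, q = (s + root) // 2, (s - root) // 2
            if p * q == n:
                return d, p, q
    return None

if __name__ == "__main__":
    # The slides' fraction: expansion and the convergents listed in S.
    cf = continued_fraction(219313, 427381)
    print(cf, list(convergents(cf))[2:6])
    # Constructed toy key (assumption, not from the slides): N = 379 * 239.
    print(small_d_check(17993, 90581))    # weak: d = 5 < N^(1/4) / 3
    print(small_d_check(5, 90581))        # same N with d = 17993: not flagged
```

A key that this check flags should be regenerated with a private exponent well above the $\frac{1}{3} N^{\frac{1}{4}}$ bound.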