Re: RSA - Public vs. Private Keys

Hi,
Small public exponent combined with correct padding (OEAP) gives
strongest version of RSA (see Boneh and Venkatesan), while as small
private exponent makes RSA trivially breakable. Weiner attack (1990) on
small private exponent by using continued fraction is a polynomial time
algorithm that works on private exponents smaller than n**0.292 (n is
modulus). Note that 0.292 is improved bounds for Weiner attack by Boneh
and Durfee in 2000 (Cryptanalysis of RSA with private key d less than
N**0.292) where they also conjectured that if d < n**0.5, then there
exists an efficient algorithm to determine d from public key.
Even so there were some early articles on RSA (until middle of 80th)
that suggested using equal size encryption and decryption exponents, no
serious cryptographer would suggests it now.
RSA or not - if you want two way encrypted communication - you
should use two pairs of keys. That's it.

-Valery
http://www.harper.no/valery

.

Relevant Pages

  • Re: A question about modular exponentiation
    ... > One can also compute the private exponent in a slightly different way: ... > I ran tests on this, generating primes to produce RSA keys ... Therefore, d is inverse of e both for mod lambda, and for phi. ...
    (sci.crypt)
  • A question about modular exponentiation
    ... One can also compute the private exponent in a slightly different way: ... generating primes to produce RSA keys ... with modulus length of 512, ...
    (sci.crypt)
  • Re: RSA encryption/decryption
    ... > private exponent and must be hidden from others. ... That key is encrypted with 512bit RSA key. ... d and N so I can decrypt every key for that software. ... Encryption and decryption are little reversed here. ...
    (sci.crypt)
  • Re: RSA key length and more
    ... Do you mean the private exponent? ... Do you understand how RSA works? ... Your post sounds like homework problems. ... What textbook are you using? ...
    (sci.crypt)