CN111193593B - RSA public key password cracking method - Google Patents

RSA public key password cracking method Download PDF

Info

Publication number
CN111193593B
CN111193593B CN201911373227.XA CN201911373227A CN111193593B CN 111193593 B CN111193593 B CN 111193593B CN 201911373227 A CN201911373227 A CN 201911373227A CN 111193593 B CN111193593 B CN 111193593B
Authority
CN
China
Prior art keywords
prime
column
row
numbers
integer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911373227.XA
Other languages
Chinese (zh)
Other versions
CN111193593A (en
Inventor
张景刚
薛星
陈永乐
王旭
陈俊杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taiyuan University of Technology
Original Assignee
Taiyuan University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Taiyuan University of Technology filed Critical Taiyuan University of Technology
Priority to CN201911373227.XA priority Critical patent/CN111193593B/en
Publication of CN111193593A publication Critical patent/CN111193593A/en
Application granted granted Critical
Publication of CN111193593B publication Critical patent/CN111193593B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses an RSA public key password cracking method, which comprises the steps of establishing a prime number factorial table in advance, covering all 617 decimal integers (RSA-2048 is 617) by only needing a 234-column table, namely decomposing the largest 617 decimal integer, only traversing 132 columns of the prime number factorial table at most, finding out alternative numbers in each column and adding. Traverse all the data not larger than the conventional requirement
Figure DEST_PATH_IMAGE002
Compared with the trial division integer decomposition method, the comparison times and the calculation amount are reduced. The method provides a beneficial reference for the security analysis of the RSA encryption algorithm; the invention relates to a method for rapidly decomposing a composite number with two approximate factor digits, which is mainly applied to a scene of RSA large-modulus decomposition and has a propulsion effect on an attack method for breaking an RSA cryptosystem by decomposing a large modulus.

Description

RSA public key password cracking method
Technical Field
The invention relates to the technical field of integer decomposition, in particular to an RSA public key password cracking method.
Background
With the basic theorem of prime numbers and arithmetic, the concept of integer decomposition should be generated as early as 300 years before the common element. The early development of mathematics was primarily driven by daily life and business, while integer factorization had no major role in either of these areas, so that integer factorization studies could only be driven by interest. Until the late 70 s of the 20 th century, public key cryptography was studied as the most prominent impetus for integer factorization. Trial division is the earliest known integer decomposition method. Fermat proposed several ideas on integer decomposition in 1643, which remained at the core of integer decomposition until today. Fermat proposed writing an integer as the difference between two squares. If the composite number N is known, then an effort is made to find two integers x and y so that N can be written as a sum of the two factors of N, respectively.
As a prolific mathematician, euler (Euler) also studied the problem of integer factorization and developed a Fermat method. The euler method, however, only focuses on integers having a particular form, such as. The Euler method is similar to that of Fermat, looking for two integers, x and y, so that N can be written as above. In this way, euler successfully decomposed some of the larger integers at that time. The french mathematician Legendre (Legendre) proposed a square congruence (concount of Squares) based approach, which is at the heart of many modern integer decompositions. However, the computational power is limited at the time, and the integer bits resolvable by Legendre decomposition method are limited. When the computing power is considerable, legendre's method is the most effective decomposition method. In 1801, his book of mathematics research (dispititions arithmetric) was published by gauss, a german mathematician. Many ideas and methods are mentioned in the book regarding integer decomposition. The gaussian method is very complex but can be analogized to the ehrlich method, which simply eliminates many possible factored prime numbers by finding a very large number of quadratic residuals of modulo n. The screening idea is the most important idea in the modern integer decomposition method. No new integer decomposition methods have emerged many years after legendre and gaussian, even though legendre and gaussian methods require a lot of work to decompose 10-15 bit integers due to limited computational power.
At the end of the 19 th century, several people worldwide have built, independently of each other, various machines for performing cumbersome calculations. In 1896, lorens described a machine that used a movable paper web passing through a movable gear, where the number of teeth represented the excluded modulus and the penetration location on the paper represented an acceptable remainder. This machine, although never actually built, motivates others to build machines similar to this. After 1910, a machine was built using the idea of Lorentz in Morius Clarkeck (Maurice Kraitchik). At the same time, gerarrain and Carissan brothers built similar machines, but after the first world war, carissan brothers built the first viable screening machine, showing good results (machines were manual). The most successful machine manufacturer, lehmer, appears to be unaware of Carissans and Kraitchik's work for many years, who manufactures a large number of screening devices, some of which drive his era's modern technology. The machines of Kraitchik and Lehmer and the algorithms used by them are very similar to the second screening algorithms developed later.
Until the 70's of the 20 th century, the study of integer factorization was of practical significance due to the increase in computer computing power and the development of public key cryptography. The algorithm was proposed in John polard (John Pollard) and 1974, and one year later he. Both algorithms are directed only to specific forms of integers. In 1975, morrison and Brillhart proposed a continuous fraction factorization algorithm, which was the first fast factorization algorithm to apply to all integers. The Quadratic sieve method was proposed by Carl Pomerance in 1982. The number of bits of integer decomposition was promoted to 71bits in 1983 by the second sieve method. On 31.8.1988, john Pollard (John Pollard) written a letter to a.m.oldyzko and transferred copies to Richard p.breen, j.brillhart, h.w.lenstra, c.p.schnorr and h.suyama. In this envelope, john Pollard proposes the idea of decomposing a particular form of integer using the algebraic number domain. After a while, several field screening has been formally proposed. The number domain screening method is the most complex integer decomposition algorithm but the fastest integer decomposition algorithm at present, and the number domain screening method successfully decomposes 768bits at present. However, the number domain sieve method is a probabilistic integer decomposition method and has a certain randomness, so that the current integer decomposition field has a breakthrough.
Disclosure of Invention
The invention aims to provide an RSA public key password cracking method to avoid the defects of the prior art.
In order to solve the technical problems, the invention adopts a technical scheme that: a RSA public key password cracking method is provided, which comprises the following steps:
dividing the natural number into regions at intervals by factoring different prime numbers, and establishing a prime number factorization table according to the size of the regions and the boundaries of the regions; the construction principle of the prime factorization table is as follows: the integer in the first row of each column represents the product of the first n prime factorials, denoted P n | A The number of the rest rows in each column is the number of the first row and is not more than n +1 prime number p n+1 The product of multiplication by a positive integer of (d);
obtaining modulus of RSA public key cipher, marking the modulus as M, squaring and rounding M, and calculating
Figure GDA0004126839710000031
The number of bits of (a) is recorded as s;
using the first row element of the corresponding digit sequence s in the prime factorization table
Figure GDA0004126839710000032
Adjusting and removing device>
Figure GDA0004126839710000033
Figure GDA0004126839710000034
Wherein Q represents the number of the No. s column selection No. Q row as the intermediate number of the subsequent searching prime factor;
selecting an integer a in the upper and lower directions of the No. Q row with the No. s row and No. Q row as the middle number 0 And b 0 Multiplying, and making difference with the intermediate number, traversing all possible value-taking conditions, and selecting a group of numbers with the minimum difference;
looking for two integers a in the s-i column i And b i So that (a) 0 +a 1 +…+a i )·(b 0 +b 1 +…+b i ) The difference value with the modulus M of the RSA public key password is minimum; if optionally both integers have (a) 0 +a 1 +…+a i )·(b 0 +b 1 +...+b i )>M, then only choose in this rowOne number is selected and the other integer is set to 0, i.e.
(a 0 +a 1 +…+a i-1 +0)·(b 0 +b 1 +…+b i_1 +b i )
Or
(a 0 +a 1 +…+a i-1 +a i )·(b 0 +b 1 +…+b i_1 +0)
Decreasing the number of rows to the second row;
obtaining the modulus of RSA public key password, recording the modulus as M, squaring and rounding M, and calculating
Figure GDA0004126839710000041
The number of the bits is recorded as s;
using the first row element of the corresponding digit sequence s in the prime factorization table
Figure GDA0004126839710000042
Adjusting and removing device>
Figure GDA0004126839710000043
Figure GDA0004126839710000044
Wherein Q represents the number of the No. s column selection No. Q row as the intermediate number of the subsequent searching prime factor;
selecting an integer a in the upper and lower directions of the No. Q row with the No. s row and No. Q row as the middle number 0 And b 0 Multiplying, and making difference with the intermediate number, traversing all possible value-taking conditions, and selecting a group of numbers with the minimum difference;
looking for two integers a in the s-i column i And b i So that (a) 0 +a 1 +…+a i )·(b 0 +b 1 +…+b i ) The difference value with the modulus M of the RSA public key password is minimum; if optionally both integers have (a) 0 +a 1 +…+a i )·(b 0 +b 1 +…+b i )>M, thenOnly one number is selected in the row and the other integer is set to 0, i.e.
(a 0 +a 1 +…+a i_1 +0)·(b 0 +b 1 +…+b i-1 +b i )
Or
(a 0 +a 1 +…+a i_1 +a i )·(b 0 +b 1 +…+b i-1 +0)
Decreasing the number of rows to the second row;
judging the prime factor type of the modulus M, if M is an integer of M =6n +1 type, respectively searching two integers alpha in prime numbers of 6n +1 type in an attribute column 1 And alpha 2 Or epsilon 1 And ε 2 So that
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i2 )=M
Or
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M
If M is M =6n-1 type resultant, respectively searching an integer alpha in the 6n +1 region and the 6n-1 region of the attribute column 1 And ε 1 So as to satisfy
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M
Or
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M
Two prime factors of the modulus M are found, and the RSA public key password is cracked.
Different from the prior art, the RSA public key password cracking method of the invention can contain the prime factor combination mode of all 617 decimal digit integers (the RSA-2048 is 617 bits) by establishing a prime number factorial table in advance, namely the integer decomposing the largest 617 decimal digit only needs to traverse 132 rows at mostAnd (4) finding alternative numbers in each column and adding the alternative numbers to the left and right prime factorization tables. Traverse all the data not larger than the conventional requirement
Figure GDA0004126839710000051
Compared with the trial division integer decomposition method, the comparison times and the calculation amount are reduced. And a beneficial reference is provided for the security analysis of the RSA encryption algorithm.
Drawings
FIG. 1 is a logic diagram of a RSA public key cipher cracking method provided by the present invention;
fig. 2 is a schematic flow chart of selecting alternative numbers for each column in an RSA public key cryptogra phic method according to the present invention.
Detailed Description
The technical solution of the present invention will be further described in more detail with reference to the following embodiments. It is to be understood that the described embodiments are merely a few embodiments of the invention, and not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive efforts based on the embodiments of the present invention, shall fall within the scope of protection of the present invention.
As shown in fig. 1, the present invention provides a RSA public key password cracking method, which comprises the following steps:
dividing the natural number into regions at intervals by factoring different prime numbers, and establishing a prime number factorization table according to the size of the regions and the boundaries of the regions; the construction principle of the prime factorization table is as follows: the integer in the first row of each column represents the product of the first n prime factorizations, denoted P n | A The number of the rest rows in each column is the number of the first row and is not more than n +1 prime number p n+1 The product of multiplication by a positive integer of (d);
obtaining the modulus of RSA public key password, recording the modulus as M, squaring and rounding M, and calculating
Figure GDA0004126839710000061
The number of bits of (a) is recorded as s;
using the first row element of the corresponding digit sequence s in the prime factorization table
Figure GDA0004126839710000062
Adjusting and removing device>
Figure GDA0004126839710000063
Figure GDA0004126839710000064
Wherein Q represents the number of the No. s column selection No. Q row as the intermediate number of the subsequent searching prime factor;
selecting an integer a in the upper and lower directions of the No. Q row with the No. s row and No. Q row as the middle number 0 And b 0 Multiplying, and making difference with the intermediate number, traversing all possible value-taking conditions, and selecting a group of numbers with the minimum difference;
looking for two integers a in the s-i column i And b i So that (a) 0 +a 1 +…+a i )·(b 0 +b 1 +…+b i ) The difference value with the modulus M of the RSA public key password is minimum; if optionally both integers have (a) 0 +a 1 +…+a i )·(b 0 +b 1 +…+b i )>M, then only one number is selected from the column and the other integer is set to 0, i.e.
(a 0 +a 1 +…+a i-1 +0)·(b 0 +b 1 +…+b i-1 +b i )
Or
(a 0 +a 1 +…+a i-1 +ai)·(b 0 +b 1 +…+b i-1 +0)
Decreasing the number of rows to the second row;
obtaining modulus of RSA public key cipher, marking the modulus as M, squaring and rounding M, and calculating
Figure GDA0004126839710000065
The number of bits of (a) is recorded as s;
using the first row element of the corresponding digit sequence s in the prime factorization table
Figure GDA0004126839710000066
Adjusting and removing device>
Figure GDA0004126839710000067
Figure GDA0004126839710000068
Wherein, Q represents the number of the s column selecting the Q row as the intermediate number of the subsequent searching prime factor;
selecting an integer a in the upper and lower directions of the No. Q row with the No. s row and No. Q row as the middle number 0 And b 0 Multiplying, and making difference with the intermediate number, traversing all possible value-taking conditions, and selecting a group of numbers with the minimum difference;
looking for two integers a in the s-i column i And b i So that (a) 0 +a 1 +…+a i )·(b 0 +b 1 +…+b i ) The difference value with the modulus M of the RSA public key password is minimum; if optionally both integers have (a) 0 +a 1 +…+a i )·(b 0 +b 1 +…+b i )>M, then only one number is selected from the column, and the other integer is set to 0, i.e.
(a 0 +a 1 +…+a i_1 +0)·(b 0 +b 1 +…+b i_1 +b i )
Or
(a 0 +a 1 +…+a i_1 +ai)·(b 0 +b 1 +…+b i_1 +0)
Decreasing the number of rows to the second row;
judging the prime factor type of the modulus M, if M is an integer of M =6n +1 type, respectively searching two integers alpha in prime numbers of 6n +1 type in the attribute column 1 And alpha 2 Or epsilon 1 And ε 2 So that
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i2 )=M
Or
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M
If M is M =6n-1 type resultant, respectively searching an integer alpha in the 6n +1 region and the 6n-1 region of the attribute column 1 And ε 1 So as to satisfy
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M
Or
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M
Two prime factors of the modulus M are found, and the RSA public key password is cracked.
The invention aims to decompose a large integer by using a prime factorization table of a prime factorization structure, so that the complexity of decomposing the large integer is reduced.
Broadly, the method of the invention comprises two parts:
1) Constructing a prime factorization table for decomposing large integers;
2) The modulus of the RSA is decomposed using a prime factorial table.
As known from Schoecker's method, the total prime numbers can be expressed as prime numbers of type α =6n +1 and type ε =6 n-1.
The resultant M of the form α =6n +1 has two prime factor product forms:
(1)M=(α·α)=(6n 1 +1)(6n 2 +1)=6(6n 1 n 2 +n 1 +n 2 )+1;
(2)M=(ε·ε)=(6n 1 -1)(6n 2 -1)=6(6n 1 n 2 -n 1 -n 2 )+1;
epsilon =6n-1 type composite number M has a prime factor product form:
M=(α·ε)=(6n 1 +1)(6n 2 -1)=6(6n 1 n 2 +n 1 -n 2 )-1
from the above two properties, the type of the composite number M is known, and the type of the two prime factors can be deduced.
When constructing the prime factorial table, it is shown in table 1. Factoring of only prime numbers into prime-number factoring, where P n Is the nth element value, let P n | A Factoring prime numbers representing the first n prime numbers, then P n !=P 1 *P 2 …P n
Figure GDA0004126839710000081
/>
Figure GDA0004126839710000091
TABLE 1 Prime factorial Table
In table 1, starting from the second column, the first row of the nth column represents the prime factorization of the first n +1 prime numbers. Such as P 3 !=2*3*5=30,P 4 !=2*3*5*7=210,P 5 | A And =2 × 3 × 5 × 7 × 11=2310, \8230, and so on for the remaining columns. The values of each column represent the multiple product of the current prime factorization as a base. E.g., the product of the row number in column n multiplied by the prime number, respectively, where the maximum value of the row number is the n +2 prime number, and so on for the remaining columns.
The prime factorization table required to decompose large integers as in table 1 is constructed in accordance with this logic.
In the use of the attribute columns in the prime factorial table, the concept of prime factor range is first introduced by way of an example.
If the number 30 in the second column, line 1, and the number 7 in the attribute column, line 1 are added to obtain 37, which can be expressed as:
P 3 !·1+7
=2×3×5×1+7
=(2×3)×5×1+7
=6×5+7=6×(5+1)+1.
this corresponds to form 6n +1 in the attribute column of the table.
For example, the sum 239 of the number 210 of the 7 th row in the second column and the number 29 of the 5 th row in the attribute column can be expressed as
P 3 !·7+29
=30×7+29=6×(35+5)-1.
This corresponds to type 6n-1 in the attribute column of the table.
All numbers in the second column are added to all numbers in the attribute column, respectively. Numbers of form 6n +1 ranging from 37 to 241, numbers of form 6n-1 ranging from 35 to 239 are obtained in turn and all prime numbers in this range are included.
Similarly, any number is taken in the third column, the second column and the attribute column respectively and added, and through all possible value taking conditions in the three columns, the number of 6n +1 type with the range of 247-2551 and the number of 6n-1 type with the range of 245-2549 can be obtained respectively, and all prime numbers in the range are included.
As a number is arbitrarily selected in each row and the sum of the upper part and the lower part in the attribute row is the number of 6n +1 type and 6n-1 type, it can be deduced that the sum of the numbers in each row in the prime factorization table can represent all prime numbers.
The present invention provides an example of decomposing RSA large integers using the method of the present invention.
In the present embodiment, since the actually used RSA modulus is too large in number for display, the RSA56 (17 decimal digits) integer is taken as an example, and the implementation manner and the process thereof are exactly the same as those of the large RSA modulus.
Let the integer to be decomposed be M =19852601254923961.
The first step is to determine the applicable range of the prime factorial table as shown in table 1.
As shown in fig. 1, m is divided by 6 integer to give a quotient Q =3308766875820660 with a remainder R =1.
From Schopper's theory, if the integer m is a multiple, then its two factors have
1.(6n 1 +1)(6n 2 + 1) form.
2.(6n 1 -1)(6n 2 -1) form.
Thus, as shown in FIG. 1, when an integer is decomposed using the prime factorization table, the attribute column selects only (6 n + 1) or only (6 n-1).
Then, the integer m is squared and rounded to obtain
Figure GDA0004126839710000111
The number of bits s is 9 bits.
The seventh column and the eighth column of the prime factorial table contain 9 bits, and
Figure GDA0004126839710000112
a number 223092870 less than the eighth column and the first row. The seventh column in the prime factorization table is selected as the starting column to decompose the integer.
Then, two numbers a are selected from the respective columns from the qi1 th column in sequence i ,b i As an alternative number for each column, as shown in fig. 2.
For the seventh column, multiplying any two optional numbers repeatable from the seventh column by the integer M, and taking two numbers whose product is not greater than the integer M as the two alternative numbers a in the column 7 ,b 7 If the product of two numbers is found to be equal to M, the decomposition is ended, as shown in FIG. 2.
126095970 × 155195040= 19569469169107988800 was chosen here. Of which 126095970 and 155195040 are two alternative numbers in this column.
For the sixth column, optionally two numbers repeatable from the sixth column are in the seventh column, respectively 7 ,b 7 Adding and multiplying, and taking two numbers with the product not more than an integer M as two alternative numbers a in the column 6 ,b 6 If the product of two numbers is found to be equal to M, the decomposition is ended.
Here (126095970 + 1021020) (155195040 + 510510) =19792820842294500 is selected. Wherein 1021020 and 510510 are two alternative numbers in the column.
For each column from the fifth column to the attribute column, adding and multiplying the repeatable selected two numbers in the column and the selected alternative number, and selecting two numbers with multiplication products not larger than an integer M as the two alternative numbers a in the column i ,b i . The following procedures and results are arranged as follows:
the fifth column:
(126095970 +1021020+ 330330) (155195040 +510510+ 30030) =19848082299645600, wherein 330330 and 30030 are alternative numbers in this column.
Fourth column:
(126095970+1021020+330330+18480)*(155195040+510510+30030+11550)=19852432523154000
third column:
since any two optional numbers in this column are added to the alternatives in the first few columns, the products are both greater than integer M, so only one alternative is selected here, as shown in fig. 2, as follows,
(126095970+1021020+330330+18480+0)*(155195040+510510+30030+11550+1050)=19852566362244000。
the second column:
(126095970+1021020+330330+18480+0+90)*(155195040+510510+30030+11550+1050+120)=19852595675487000。
the above selects the number of alternatives for each of the second to seventh columns. The number of alternatives in the attribute column is then selected.
As known from Schrodick's method, the two candidates in the attribute list are only from (6n + 1) or (6 n-1) parts. And traversing to find the alternative number which does not meet the condition in the part (6n + 1).
The number in the (6 n-1) part is searched through, two alternatives 17 and 23 are found, as follows,
(126095970+1021020+330330+18480+0+90+17)*(155195040+510510+30030+11550+1050+120+23)=
127465907 × 155748323=19852601254923961. At this point, the decomposition of the integer M is completed.
As shown in fig. 1, if no alternative number combination with the product equal to the integer M can be found after traversing all columns, the integer M cannot be decomposed and is a prime number.
Different from the prior art, the RSA public key password cracking method of the invention can contain all prime factor combination modes of 617 decimal digit integers (the RSA-2048 is 617 bits) by establishing a prime number factorial table in advance, namely, the integer of the largest 617 decimal digit is decomposed at most only by traversing the prime number factorial tables around 132 columns, and the alternative numbers in each column are found and added. Is required to be overCalendar of no more than
Figure GDA0004126839710000131
Compared with the trial division integer decomposition method, the comparison times and the calculation amount are reduced. And a beneficial reference is provided for the security analysis of the RSA encryption algorithm.
The above description is only an embodiment of the present invention, and is not intended to limit the scope of the present invention, and all equivalent structures or equivalent processes performed by the present specification and the attached drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (1)

1. A RSA public key password cracking method is applied to security analysis of an RSA encryption algorithm and is characterized by comprising the following steps:
dividing the natural number into regions at intervals by factoring different prime numbers, and establishing a prime number factorization table according to the size of the regions and the boundaries of the regions; the construction principle of the prime factorization table is as follows: the attribute column is a first column, starting from a second column, a first row of an nth column represents prime number factorization of the first n +1 prime numbers, the value of each column represents the multiple product of the current prime number factorization as a base number, row numbers in the nth column are respectively multiplied by the prime number factorization, the maximum value of the row numbers is n +2 prime number values, and the numbers in the rest rows in each column are the numbers of the first row and are not more than n +1 prime numbers p n+1 The product of multiplication by a positive integer of (d);
obtaining the modulus of RSA public key password, recording the modulus as M, squaring and rounding M, and calculating
Figure FDA0004126839700000011
The number of the bits is recorded as s;
using the first row element of the corresponding digit sequence s in the prime factorization table
Figure FDA0004126839700000012
Adjusting and removing device>
Figure FDA0004126839700000013
Figure FDA0004126839700000014
Wherein, Q represents the number of the s column selecting the Q row as the intermediate number of the subsequent searching prime factor;
selecting an integer a in the upper and lower directions of the No. Q row with the No. s row and No. Q row as the middle number 0 And b 0 Multiplying, and making difference with the intermediate number, traversing all possible value-taking conditions, and selecting a group of numbers with the minimum difference;
looking for two integers a in the s-i column i And b i So that (a) 0 +a 1 +…+a i )·(b 0 +b 1 +…+b i ) The difference value with the modulus M of the RSA public key password is minimum; if optionally both integers have (a) 0 +a 1 +…+a i )·(b 0 +b 1 +…+b i ) If M is greater than M, only one number is selected from the row, and the other integer is set to 0, that is
(a 0 +a 1 +…+a i_1 +0)·(b 0 +b 1 +…+b i_1 +b i )
Or
(a 0 +a 1 +…+a i_1 +a i )·(b 0 +b 1 +…+b i_1 +0)
Decreasing the number of rows to the second row;
judging the prime factor type of the modulus M, if M is an integer of M =6n +1 type, respectively searching two integers alpha in prime numbers of 6n +1 type in an attribute column 1 And alpha 2 Or epsilon 1 And ε 2 So that
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i2 )=M
Or
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M
If M is the number of M =6n-1 type, respectively searching an integer alpha in a 6n +1 region and a 6n-1 region of the attribute column 1 And epsilon 1 So as to satisfy
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M
Or
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M
Two prime factors of the modulus M are found, and the RSA public key password is cracked.
CN201911373227.XA 2019-12-27 2019-12-27 RSA public key password cracking method Active CN111193593B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911373227.XA CN111193593B (en) 2019-12-27 2019-12-27 RSA public key password cracking method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911373227.XA CN111193593B (en) 2019-12-27 2019-12-27 RSA public key password cracking method

Publications (2)

Publication Number Publication Date
CN111193593A CN111193593A (en) 2020-05-22
CN111193593B true CN111193593B (en) 2023-04-18

Family

ID=70709370

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911373227.XA Active CN111193593B (en) 2019-12-27 2019-12-27 RSA public key password cracking method

Country Status (1)

Country Link
CN (1) CN111193593B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113900476A (en) * 2021-10-11 2022-01-07 吴鸿邦 Novel algorithm for efficiently decomposing prime numbers and synthesizing RSA (rivest-Shamir-Adleman) passwords

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1913433A (en) * 2006-07-21 2007-02-14 北京理工大学 Application of elliptic curve key exchange method in MANET network
CN102769528A (en) * 2012-06-15 2012-11-07 刘诗章 Quick large number decomposition method based on cryptographic technology application
CN103618601A (en) * 2013-12-11 2014-03-05 武汉大学 Preselected integer factorization-based RSA (Rivest, Shamir and Adleman) password cracking system and method
CN103873239A (en) * 2014-03-31 2014-06-18 刘诗章 Method for rapid generation of even number prime pair based on application of even number public key system
CN104079561A (en) * 2014-06-09 2014-10-01 中国电子科技集团公司第十五研究所 Secret key attacking method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2946207A1 (en) * 2009-05-28 2010-12-03 Proton World Internat Nv PROTECTION OF FIRST NUMBER GENERATION FOR RSA ALGORITHM

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1913433A (en) * 2006-07-21 2007-02-14 北京理工大学 Application of elliptic curve key exchange method in MANET network
CN102769528A (en) * 2012-06-15 2012-11-07 刘诗章 Quick large number decomposition method based on cryptographic technology application
CN103618601A (en) * 2013-12-11 2014-03-05 武汉大学 Preselected integer factorization-based RSA (Rivest, Shamir and Adleman) password cracking system and method
CN103873239A (en) * 2014-03-31 2014-06-18 刘诗章 Method for rapid generation of even number prime pair based on application of even number public key system
CN104079561A (en) * 2014-06-09 2014-10-01 中国电子科技集团公司第十五研究所 Secret key attacking method and device

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"An efficient method for integer factorization";Haibo Yu et al.;《2015 IEEE International Symposium on Circuits and Systems (ISCAS)》;20150730;全文 *
"An Efficient Method to Factorize the RSA Public Key Encryption";B.R. Ambedkar et al.;《2011 International Conference on Communication Systems and Network Technologies》;20110729;全文 *
RSA密码分析中分解大整数的判定算法;孙克泉;《计算机工程》;20100805(第15期);全文 *
大整数分解算法综述;杨江帅;《信息技术与网络安全》;20181110(第11期);全文 *

Also Published As

Publication number Publication date
CN111193593A (en) 2020-05-22

Similar Documents

Publication Publication Date Title
Rose A course in number theory
Shapiro Introduction to the Theory of Numbers
Eilbeck et al. Abelian functions for trigonal curves of genus three
Borwein et al. Ramanujan and pi
DE102017117907B4 (en) Performing a cryptographic operation
CN111193593B (en) RSA public key password cracking method
Li et al. A image encryption algorithm based on coexisting multi-attractors in a spherical chaotic system
Rahman et al. MAKE: A matrix action key exchange
DE102006025569A1 (en) Modular multiplication process for cryptography uses multiplicand in three bit segments in an multiplication addition operation
CN116150553A (en) Sparse AMG optimization method for CPU+DCU heterogeneous mixed architecture
Lu et al. Faster secure multiparty computation of adaptive gradient descent
TW200403584A (en) Apparatus and method for calculating a result of a modular multiplication
DE102006025713B4 (en) Cryptographic device and cryptographic method for calculating a result of a modular multiplication
Joux et al. When e-th roots become easier than factoring
Kleinjung Quadratic sieving
DE102006025677A1 (en) Operand device for calculating a total result for first and second operands uses an arithmetic unit to process numbers up to a maximum with their amount less than/equal to the product of a module
KR101309797B1 (en) Method for generating sparse w-NAF key, method for processing and method for encrypting thereof
WO2022201791A1 (en) Encryption processing device, encryption processing method, and encryption processing program
Hayes The magic words are squeamish ossifrage
Chiarello et al. An Enumerative Approach to $ P= W$
Kekre et al. Unified fast algorithm for most commonly used transforms using mixed radix and kronecker product
Shen On the Liouville transformation and some inverse spectral problems
Ding et al. The singularity attack to the multivariate signature scheme HIMQ-3
Hilmoine et al. Microscopic spectral density of the Dirac operator derived from Gaussian orthogonal and symplectic ensembles
Perera et al. Sparse Matrix Based Low-Complexity, Recursive, and Radix-2 Algorithms for Discrete Sine Transforms

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant