+

CN111193593B - RSA public key password cracking method - Google Patents

RSA public key password cracking method Download PDF

Info

Publication number
CN111193593B
CN111193593B CN201911373227.XA CN201911373227A CN111193593B CN 111193593 B CN111193593 B CN 111193593B CN 201911373227 A CN201911373227 A CN 201911373227A CN 111193593 B CN111193593 B CN 111193593B
Authority
CN
China
Prior art keywords
prime
column
numbers
row
integer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201911373227.XA
Other languages
Chinese (zh)
Other versions
CN111193593A (en
Inventor
张景刚
薛星
陈永乐
王旭
陈俊杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taiyuan University of Technology
Original Assignee
Taiyuan University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Taiyuan University of Technology filed Critical Taiyuan University of Technology
Priority to CN201911373227.XA priority Critical patent/CN111193593B/en
Publication of CN111193593A publication Critical patent/CN111193593A/en
Application granted granted Critical
Publication of CN111193593B publication Critical patent/CN111193593B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Complex Calculations (AREA)

Abstract

本发明公开了一种RSA公钥密码破解方法通过事先建立素数阶乘表,只需234列的表格即可囊括所有617位十进制数位的整数(RSA‑2048是617位)的素因子组合方式,即分解最大617位十进制数位的整数最多只需要遍历132列左右的素数阶乘表,找到每列中的备选数并相加即可。与传统需要遍历所有不大于

Figure DEST_PATH_IMAGE002
的试除整数分解方法相比,降低了比较次数和计算量。为RSA加密算法的安全性分析提供了有益参考;本发明是一种可快速分解两因子位数较接近的合数的方法,其主要应用在RSA大模数分解的场景中,对利用分解大模数破解RSA密码体制的攻击方法有推进作用。
Figure 201911373227

The invention discloses a method for cracking RSA public key ciphers. By establishing a prime number factorial table in advance, only 234 columns of tables are needed to include all prime factor combinations of integers with 617 decimal digits (RSA‑2048 is 617 digits), namely To decompose an integer with a maximum of 617 decimal digits, you only need to traverse the prime factorial table with about 132 columns at most, find the candidate numbers in each column and add them up. With the traditional need to traverse all not greater than

Figure DEST_PATH_IMAGE002
Compared with the trial division integer decomposition method, the number of comparisons and the amount of calculation are reduced. It provides a useful reference for the security analysis of the RSA encryption algorithm; the present invention is a method that can quickly decompose a composite number with two factors whose digits are relatively close, and it is mainly used in the scene of RSA large modulus decomposition, which has a large impact on the utilization of decomposition The attack method of modulus cracking the RSA cryptosystem has a promotion effect.
Figure 201911373227

Description

一种RSA公钥密码破解方法A method for cracking RSA public key password

技术领域Technical Field

本发明涉及整数分解技术领域,特别是涉及一种RSA公钥密码破解方法。The present invention relates to the technical field of integer decomposition, and in particular to a method for cracking an RSA public key password.

背景技术Background Art

随着素数及算数基本定理的提出,早在公元前300年,整数分解的概念也应运而生。数学在早期的发展主要由日常生活与商业来驱动,而整数分解在这两个领域中均无较大的作用,故而整数分解的研究只能依靠兴趣的驱动。直到20世纪70年代后期,对公钥密码的研究成为了研究整数分解最主要的动力。试除法是目前已知的最早的整数分解方法。费马在1643年提出了一些有关整数分解的思路,这些思路直至今日依旧处于整数分解的核心。费马提出将一个整数写作两平方数之差的形式。如已知合数N,则努力寻找两整数x和y,使得N可被写作,则N的两因子分别为和。With the introduction of prime numbers and the fundamental theorem of arithmetic, the concept of integer factorization came into being as early as 300 BC. The early development of mathematics was mainly driven by daily life and business, and integer factorization did not play a big role in these two fields, so the research on integer factorization could only rely on interest. It was not until the late 1970s that the study of public key cryptography became the main driving force for the study of integer factorization. Trial division is the earliest known integer factorization method. Fermat proposed some ideas about integer factorization in 1643, which are still at the core of integer factorization today. Fermat proposed to write an integer as the difference of two square numbers. If a composite number N is known, try to find two integers x and y so that N can be written as, then the two factors of N are and.

作为一个多产的数学家,欧拉(Euler)对整数分解这一问题同样进行了研究,并发展了费马的方法。但欧拉的方法只关注于具有特殊形式的整数,如。欧拉的方法与费马的类似,寻找到两个整数x和y,使得N可以写作如上的形式。用此方法,欧拉在当时成功的分解了一些较大的整数。法国数学家勒让德(Legendre)提出了基于平方同余(Congruent ofSquares)的方法,这一方法是许多现代整数分解的核心。但当时计算能力有限,勒让德的分解方法可分解的整数位数有限。当计算能力较为可观时,勒让德的方法确为最有效的分解方法。1801年,德国数学家高斯出版了他的《算数研究》(Disquisitiones Arithmeticae)一书。书中提到了许多有关整数分解的思路和方法。高斯的方法非常复杂但可类比于埃氏筛法,简单来说,这种方法通过寻找非常多的模n的二次剩余并以此来排除许多有可能为因子的素数。这种筛选的思路是现代整数分解方法中最为重要的一种思路。在勒让德与高斯之后的很多年中都没有新的整数分解方法出现,即使是勒让德和高斯的方法,由于计算能力有限分解10-15位的整数依然需要大量的工作。As a prolific mathematician, Euler also studied the problem of integer decomposition and developed Fermat's method. But Euler's method only focuses on integers with special forms, such as. Euler's method is similar to Fermat's, finding two integers x and y so that N can be written as above. Using this method, Euler successfully decomposed some larger integers at the time. French mathematician Legendre proposed a method based on the congruence of squares, which is the core of many modern integer decompositions. But at that time, computing power was limited, and Legendre's decomposition method could only decompose a limited number of integers. When computing power is more considerable, Legendre's method is indeed the most effective decomposition method. In 1801, German mathematician Gauss published his book "Disquisitiones Arithmeticae". The book mentions many ideas and methods about integer decomposition. Gauss's method is very complicated but can be compared to the sieve of Ehrlich. In simple terms, this method eliminates many prime numbers that may be factors by finding a large number of quadratic residues modulo n. This screening idea is the most important idea in modern integer decomposition methods. For many years after Legendre and Gauss, no new integer decomposition methods appeared. Even with Legendre and Gauss's method, decomposing 10-15 digit integers still requires a lot of work due to limited computing power.

19世纪末期,世界的各地有一些人彼此独立的建立出各种用于进行繁琐计算的机器。1896年,劳伦斯描述了一种机器,它使用可移动的纸带通过可移动的齿轮,其中齿数表示排除模量,纸上的穿透位置代表可接受的余数。这台机器虽然从未真正被建造出来,但它激发了其他人建造出与此类似的机器。1910年之后,莫里斯·克拉奇克(MauriceKraitchik)用劳伦斯的思想建造了一台机器。与此同时,Geraerardin和Carissan兄弟建造了类似的机器,但是在第一次世界大战之后,Carissan兄弟建造了第一台可行的筛分机,显示出良好的效果(机器是手动的)。最成功的机器制造者是Lehmer,他似乎不知道Carissans和Kraitchik多年来的工作,他制造了大量的筛分设备,其中一些推动了他那个时代的现代技术。Kraitchik和Lehmer的机器及其使用的算法与后来开发的二次筛分算法非常相似。In the late 19th century, several people around the world independently built various machines for performing tedious calculations. In 1896, Lawrence described a machine that used a movable paper tape passing through a movable gear, where the number of teeth represented the exclusion modulus and the position of the penetration on the paper represented the acceptable remainder. Although this machine was never actually built, it inspired others to build similar machines. After 1910, Maurice Kraitchik built a machine using Lawrence's ideas. At the same time, Geraerardin and the Carissan brothers built similar machines, but after World War I, the Carissan brothers built the first viable sieving machine that showed good results (the machine was manually operated). The most successful machine builder was Lehmer, who seemed unaware of the work of the Carissans and Kraitchiks for many years and built a large number of sieving devices, some of which advanced the modern technology of his time. Kraitchik and Lehmer's machines and the algorithms they used were very similar to the quadratic sieving algorithms that were later developed.

直到20世纪70年代,由于计算机计算能力的提升和公钥密码学的发展,对整数分解的研究具有了实际意义。约翰波拉德(John Pollard)与1974年提出了算法,一年之后他又提出了算法。这两种算法都只针对特殊形式的整数。1975年,Morrison和Brillhart提出了连分数分解算法,这是第一个适用所有整数的快速分解算法。1982年Carl Pomerance提出了二次筛法(Quadratic sieve)。利用二次筛法,整数分解的位数于1983年提升至71bits。1988年8月31日,约翰波拉德(John Pollard)给A.M.Odlyzko写了一封信,并将其拷贝转呈给了Richard P.Brent,J.Brillhart,H.W.Lenstra,C.P.Schnorr和H.Suyama。在这封信中,John Pollard提出了利用代数数域分解特殊形式的整数的思路。不久之后,数域筛法被正式提出。数域筛法是一种最复杂的整数分解算法但却是目前最快速的整数分解算法,数域筛法目前成功分解了768bits。然而数域筛法是概率性整数分解方法,具有一定的随机性,因此目前在整数分解领域也鲜有突破。It was not until the 1970s that the study of integer decomposition became practical due to the improvement of computer computing power and the development of public key cryptography. John Pollard proposed an algorithm in 1974, and a year later he proposed another algorithm. Both algorithms are only for special forms of integers. In 1975, Morrison and Brillhart proposed the continued fraction decomposition algorithm, which was the first fast decomposition algorithm applicable to all integers. In 1982, Carl Pomerance proposed the quadratic sieve. Using the quadratic sieve, the number of bits of integer decomposition was increased to 71 bits in 1983. On August 31, 1988, John Pollard wrote a letter to A.M.Odlyzko and forwarded a copy to Richard P.Brent, J.Brillhart, H.W.Lenstra, C.P.Schnorr and H.Suyama. In this letter, John Pollard proposed the idea of using algebraic number fields to decompose special forms of integers. Soon after, the number field sieve method was formally proposed. The number field sieve method is the most complex integer decomposition algorithm, but it is currently the fastest integer decomposition algorithm. The number field sieve method has successfully decomposed 768 bits. However, the number field sieve method is a probabilistic integer decomposition method with a certain degree of randomness, so there are few breakthroughs in the field of integer decomposition.

发明内容Summary of the invention

本发明的目的在于避免现有技术的不足之处而提供一种RSA公钥密码破解方法。The purpose of the present invention is to avoid the shortcomings of the prior art and provide a RSA public key cryptography decryption method.

为解决上述技术问题,本发明采用的一个技术方案是:提供一种RSA公钥密码破解方法,包括:In order to solve the above technical problems, a technical solution adopted by the present invention is: to provide an RSA public key password cracking method, comprising:

将自然数以不同素数阶乘为间隔划分区域,并根据区域大小及区域边界建立素数阶乘表;其中,素数阶乘表的构建原理为:各列第一行中的整数表示前n个素数阶乘的乘积,记作Pn!,各列中其余行中的数为第一行的数依次与不大于第n+1个素数pn+1的正整数相乘的乘积;The natural numbers are divided into regions with different prime factorials as intervals, and a prime factorial table is established according to the region size and region boundary; wherein, the construction principle of the prime factorial table is: the integers in the first row of each column represent the product of the first n prime factorials, denoted as P n !, and the numbers in the remaining rows of each column are the products of the numbers in the first row multiplied in sequence by a positive integer not greater than the n+1th prime number p n+1 ;

获取RSA公钥密码的模数,将模数记为M,对M开方并取整,并计算

Figure GDA0004126839710000031
的位数,记其位数为s;Get the modulus of the RSA public key cipher, record the modulus as M, take the square root of M and round it, and calculate
Figure GDA0004126839710000031
The number of digits is recorded as s;

利用素数阶乘表中对应数位数列s列的第一行元素

Figure GDA0004126839710000032
整除
Figure GDA0004126839710000033
Use the first row element of the corresponding digit column s in the prime factorial table
Figure GDA0004126839710000032
Divisibility
Figure GDA0004126839710000033

Figure GDA0004126839710000034
Figure GDA0004126839710000034

其中,Q表示第s列选择第Q行的数字作为后续寻找素因子的中间数;Among them, Q means that the number in the Qth row is selected in the sth column as the middle number for subsequent search for prime factors;

以第s列第Q行作为中间数,在第Q行的上下两个方向选择一个整数a0和b0相乘,并与中间数作差,遍历所有可能取值情况,选择差值最小的一组数;Take the sth column and Qth row as the middle number, select an integer a 0 and b 0 in the upper and lower directions of the Qth row, multiply them, and subtract them from the middle number, traverse all possible values, and select the set of numbers with the smallest difference;

在第s-i列寻找两整数ai和bi,使得(a0+a1+…+ai)·(b0+b1+…+bi)与RSA公钥密码的模数M的差值最小;若任选两整数都有(a0+a1+…+ai)·(b0+b1+...+bi)>M,则此列中仅挑选一个数,将另一整数设为0,即Find two integers ai and b i in the si-th column such that the difference between ( a0 + a1 +…+a i )·( b0 + b1 +…+b i ) and the modulus M of the RSA public key cryptography is minimal; if any two integers have ( a0 + a1 +…+a i )·( b0 + b1 +…+b i )>M, then only one number is selected from this column and the other integer is set to 0, that is,

(a0+a1+…+ai-1+0)·(b0+b1+…+bi_1+bi)(a 0 +a 1 +…+a i-1 +0)·(b 0 +b 1 +…+b i_1 +b i )

or

(a0+a1+…+ai-1+ai)·(b0+b1+…+bi_1+0)(a 0 +a 1 +…+a i-1 +a i )·(b 0 +b 1 +…+b i_1 +0)

以此步骤逐列递减至第二列;This step is repeated column by column until the second column;

获取RSA公钥密码的模数,将模数记为M,对M开方并取整,并计算

Figure GDA0004126839710000041
的位数,记其位数为s;Get the modulus of the RSA public key cipher, record the modulus as M, take the square root of M and round it, and calculate
Figure GDA0004126839710000041
The number of digits is recorded as s;

利用素数阶乘表中对应数位数列s列的第一行元素

Figure GDA0004126839710000042
整除
Figure GDA0004126839710000043
Use the first row element of the corresponding digit column s in the prime factorial table
Figure GDA0004126839710000042
Divisibility
Figure GDA0004126839710000043

Figure GDA0004126839710000044
Figure GDA0004126839710000044

其中,Q表示第s列选择第Q行的数字作为后续寻找素因子的中间数;Among them, Q means that the number in the Qth row is selected in the sth column as the middle number for subsequent search for prime factors;

以第s列第Q行作为中间数,在第Q行的上下两个方向各选择一个整数a0和b0相乘,并与中间数作差,遍历所有可能取值情况,选择差值最小的一组数;Take the sth column and Qth row as the middle number, select an integer a 0 and b 0 in the upper and lower directions of the Qth row, multiply them, and subtract them from the middle number, traverse all possible values, and select a set of numbers with the smallest difference;

在第s-i列寻找两整数ai和bi,使得(a0+a1+…+ai)·(b0+b1+…+bi)与RSA公钥密码的模数M的差值最小;若任选两整数都有(a0+a1+…+ai)·(b0+b1+…+bi)>M,则此列中仅挑选一个数,将另一整数设为0,即Find two integers ai and b i in the si-th column such that the difference between ( a0 + a1 +…+a i )·( b0 + b1 +…+b i ) and the modulus M of the RSA public key cryptography is minimal; if any two integers have ( a0 + a1 +…+a i )·( b0 + b1 +…+b i )>M, then only one number is selected from this column and the other integer is set to 0, that is,

(a0+a1+…+ai_1+0)·(b0+b1+…+bi-1+bi)(a 0 +a 1 +…+a i_1 +0)·(b 0 +b 1 +…+b i-1 +b i )

or

(a0+a1+…+ai_1+ai)·(b0+b1+…+bi-1+0)(a 0 +a 1 +…+a i_1 +a i )·(b 0 +b 1 +…+b i-1 +0)

以此步骤逐列递减至第二列;This step is repeated column by column until the second column;

判断模数M的素因子类型,若M为M=6n+1型整数,则分别在属性列中6n+1型素数中寻找两整数α1和α2或ε1和ε2,使得Determine the prime factor type of the modulus M. If M is an integer of type M = 6n+1, then find two integers α 1 and α 2 or ε 1 and ε 2 in the 6n+1 prime numbers in the attribute column, such that

(a0+a1+…+ai1)·(b0+b1+…+bi2)=M(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i2 )=M

or

(a0+a1+…+ai1)·(b0+b1+…+bi1)=M(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M

若M为M=6n-1型合数,则在属性列的6n+1区域和6n-1区域分别各寻找一个整数α1和ε1,使得满足If M is a composite number of type M=6n-1, then find an integer α 1 and ε 1 in the 6n+1 region and 6n-1 region of the attribute column respectively, so that

(a0+a1+…+ai1)·(b0+b1+…+bi1)=M(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M

or

(a0+a1+…+ai1)·(b0+b1+…+bi1)=M(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M

则找到模数M的两个素因子,实现对RSA公钥密码的破解。Then find the two prime factors of the modulus M and crack the RSA public key cryptography.

区别于现有技术,本发明的RSA公钥密码破解方法通过事先建立素数阶乘表,只需234列的表格即可囊括所有617位十进制数位的整数(RSA-2048是617位)的素因子组合方式,即分解最大617位十进制数位的整数最多只需要遍历132列左右的素数阶乘表,找到每列中的备选数并相加即可。与传统需要遍历所有不大于

Figure GDA0004126839710000051
的试除整数分解方法相比,降低了比较次数和计算量。为RSA加密算法的安全性分析提供了有益参考。Different from the prior art, the RSA public key password cracking method of the present invention establishes a prime factorial table in advance, and only needs a table of 234 columns to include all prime factor combinations of integers with 617 decimal digits (RSA-2048 is 617 digits). That is, to decompose an integer with a maximum of 617 decimal digits, it is only necessary to traverse the prime factorial table of about 132 columns at most, find the candidate numbers in each column and add them up.
Figure GDA0004126839710000051
Compared with the trial division integer decomposition method, it reduces the number of comparisons and the amount of calculation. It provides a useful reference for the security analysis of the RSA encryption algorithm.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

图1是本发明提供的一种RSA公钥密码破解方法的逻辑示意图;FIG1 is a logic diagram of an RSA public key password cracking method provided by the present invention;

图2是本发明提供的一种RSA公钥密码破解方法中各列选择备选数的流程示意图。FIG. 2 is a schematic diagram of a flow chart of selecting candidate numbers for each column in a method for cracking an RSA public key password provided by the present invention.

具体实施方式DETAILED DESCRIPTION

下面结合具体实施方式对本发明的技术方案作进一步更详细的描述。显然,所描述的实施例仅仅是本发明的一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动的前提下所获得的所有其他实施例,都应属于本发明保护的范围。The technical solution of the present invention is further described in more detail below in conjunction with specific implementation methods. Obviously, the described embodiments are only part of the embodiments of the present invention, rather than all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by ordinary technicians in this field without making creative work should belong to the scope of protection of the present invention.

如图1所示,本发明提供一种RSA公钥密码破解方法,包括步骤:As shown in FIG1 , the present invention provides a method for cracking an RSA public key password, comprising the steps of:

将自然数以不同素数阶乘为间隔划分区域,并根据区域大小及区域边界建立素数阶乘表;其中,素数阶乘表的构建原理为:各列第一行中的整数表示前n个素数阶乘的乘积,记作Pn!,各列中其余行中的数为第一行的数依次与不大于第n+1个素数pn+1的正整数相乘的乘积;The natural numbers are divided into regions with different prime factorials as intervals, and a prime factorial table is established according to the region size and region boundary; wherein, the construction principle of the prime factorial table is: the integers in the first row of each column represent the product of the first n prime factorials, denoted as P n !, and the numbers in the remaining rows of each column are the products of the numbers in the first row multiplied in sequence by a positive integer not greater than the n+1th prime number p n+1 ;

获取RSA公钥密码的模数,将模数记为M,对M开方并取整,并计算

Figure GDA0004126839710000061
的位数,记其位数为s;Get the modulus of the RSA public key cipher, record the modulus as M, take the square root of M and round it, and calculate
Figure GDA0004126839710000061
The number of digits is recorded as s;

利用素数阶乘表中对应数位数列s列的第一行元素

Figure GDA0004126839710000062
整除
Figure GDA0004126839710000063
Use the first row element of the corresponding digit column s in the prime factorial table
Figure GDA0004126839710000062
Divisibility
Figure GDA0004126839710000063

Figure GDA0004126839710000064
Figure GDA0004126839710000064

其中,Q表示第s列选择第Q行的数字作为后续寻找素因子的中间数;Among them, Q means that the number in the Qth row is selected in the sth column as the middle number for subsequent search for prime factors;

以第s列第Q行作为中间数,在第Q行的上下两个方向选择一个整数a0和b0相乘,并与中间数作差,遍历所有可能取值情况,选择差值最小的一组数;Take the sth column and Qth row as the middle number, select an integer a 0 and b 0 in the upper and lower directions of the Qth row, multiply them, and subtract them from the middle number, traverse all possible values, and select the set of numbers with the smallest difference;

在第s-i列寻找两整数ai和bi,使得(a0+a1+…+ai)·(b0+b1+…+bi)与RSA公钥密码的模数M的差值最小;若任选两整数都有(a0+a1+…+ai)·(b0+b1+…+bi)>M,则此列中仅挑选一个数,将另一整数设为0,即Find two integers ai and b i in the si-th column such that the difference between ( a0 + a1 +…+a i )·( b0 + b1 +…+b i ) and the modulus M of the RSA public key cryptography is minimal; if any two integers have ( a0 + a1 +…+a i )·( b0 + b1 +…+b i )>M, then only one number is selected from this column and the other integer is set to 0, that is,

(a0+a1+…+ai-1+0)·(b0+b1+…+bi-1+bi)(a 0 +a 1 +…+a i-1 +0)·(b 0 +b 1 +…+b i-1 +b i )

or

(a0+a1+…+ai-1+ai)·(b0+b1+…+bi-1+0)(a 0 +a 1 +…+a i-1 +ai)·(b 0 +b 1 +…+b i-1 +0)

以此步骤逐列递减至第二列;This step is repeated column by column until the second column;

获取RSA公钥密码的模数,将模数记为M,对M开方并取整,并计算

Figure GDA0004126839710000065
的位数,记其位数为s;Get the modulus of the RSA public key cipher, record the modulus as M, take the square root of M and round it, and calculate
Figure GDA0004126839710000065
The number of digits is recorded as s;

利用素数阶乘表中对应数位数列s列的第一行元素

Figure GDA0004126839710000066
整除
Figure GDA0004126839710000067
Use the first row element of the corresponding digit column s in the prime factorial table
Figure GDA0004126839710000066
Divisibility
Figure GDA0004126839710000067

Figure GDA0004126839710000068
Figure GDA0004126839710000068

其中,Q表示第s列选择第Q行的数字作为后续寻找素因子的中间数;Among them, Q means that the number in the Qth row is selected in the sth column as the middle number for subsequent search for prime factors;

以第s列第Q行作为中间数,在第Q行的上下两个方向各选择一个整数a0和b0相乘,并与中间数作差,遍历所有可能取值情况,选择差值最小的一组数;Take the sth column and Qth row as the middle number, select an integer a 0 and b 0 in the upper and lower directions of the Qth row, multiply them, and subtract them from the middle number, traverse all possible values, and select a set of numbers with the smallest difference;

在第s-i列寻找两整数ai和bi,使得(a0+a1+…+ai)·(b0+b1+…+bi)与RSA公钥密码的模数M的差值最小;若任选两整数都有(a0+a1+…+ai)·(b0+b1+…+bi)>M,则此列中仅挑选一个数,将另一整数设为0,即Find two integers ai and b i in the si-th column such that the difference between ( a0 + a1 +…+a i )·( b0 + b1 +…+b i ) and the modulus M of the RSA public key cryptography is minimal; if any two integers have ( a0 + a1 +…+a i )·( b0 + b1 +…+b i )>M, then only one number is selected from this column and the other integer is set to 0, that is,

(a0+a1+…+ai_1+0)·(b0+b1+…+bi_1+bi)(a 0 +a 1 +…+a i_1 +0)·(b 0 +b 1 +…+b i_1 +b i )

or

(a0+a1+…+ai_1+ai)·(b0+b1+…+bi_1+0)(a 0 +a 1 +…+a i_1 +ai)·(b 0 +b 1 +…+b i_1 +0)

以此步骤逐列递减至第二列;This step is repeated column by column until the second column;

判断模数M的素因子类型,若M为M=6n+1型整数,则分别在属性列中6n+1型素数中寻找两整数α1和α2或ε1和ε2,使得Determine the prime factor type of the modulus M. If M is an integer of type M = 6n+1, then find two integers α 1 and α 2 or ε 1 and ε 2 in the 6n+1 prime numbers in the attribute column, such that

(a0+a1+…+ai1)·(b0+b1+…+bi2)=M(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i2 )=M

or

(a0+a1+…+ai1)·(b0+b1+…+bi1)=M(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M

若M为M=6n-1型合数,则在属性列的6n+1区域和6n-1区域分别各寻找一个整数α1和ε1,使得满足If M is a composite number of type M=6n-1, then find an integer α 1 and ε 1 in the 6n+1 region and 6n-1 region of the attribute column respectively, so that

(a0+a1+…+ai1)·(b0+b1+…+bi1)=M(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M

or

(a0+a1+…+ai1)·(b0+b1+…+bi1)=M(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M

则找到模数M的两个素因子,实现对RSA公钥密码的破解。Then find the two prime factors of the modulus M and crack the RSA public key cryptography.

本发明的目的在于利用素数阶乘构造的素数阶乘表分解大整数,使得分解大整数的复杂度降低。The purpose of the present invention is to decompose a large integer using a prime factorial table constructed by a prime factorial, so that the complexity of decomposing the large integer is reduced.

概括地说,本发明方法包括两部分:In summary, the method of the present invention comprises two parts:

1)构造分解大整数的素数阶乘表;1) Construct a prime factorial table for decomposing large integers;

2)利用素数阶乘表分解RSA的模。2) Use the prime factorial table to decompose the RSA modulus.

由薛氏筛法可知,可将全体素数表示为α=6n+1型与ε=6n-1型素数。From the Scheher sieve, we know that all prime numbers can be represented as prime numbers of the type α=6n+1 and ε=6n-1.

α=6n+1型合数M有两种素因子乘积形式,分别为:The composite number M of type α=6n+1 has two prime factor product forms, namely:

(1)M=(α·α)=(6n1+1)(6n2+1)=6(6n1n2+n1+n2)+1;(1)M=(α·α)=(6n 1 +1)(6n 2 +1)=6(6n 1 n 2 +n 1 +n 2 )+1;

(2)M=(ε·ε)=(6n1-1)(6n2-1)=6(6n1n2-n1-n2)+1;(2)M=(ε·ε)=(6n 1 -1)(6n 2 -1)=6(6n 1 n 2 -n 1 -n 2 )+1;

ε=6n-1型合数M有一种素因子乘积形式,为:The composite number M of type ε=6n-1 has a prime factor product form, which is:

M=(α·ε)=(6n1+1)(6n2-1)=6(6n1n2+n1-n2)-1M=(α·ε)=(6n 1 +1)(6n 2 -1)=6(6n 1 n 2 +n 1 -n 2 )-1

由上述两条性质,已知合数M类型,可推知其两素数因子的类型。From the above two properties, if the type of composite number M is known, the types of its two prime factors can be inferred.

在构造素数阶乘表时,如表1所示。只有素数构成的阶乘为素数阶乘,其中Pn为第n个素数值,令Pn!表示前n个素数的素数阶乘,则Pn!=P1*P2…PnWhen constructing a prime factorial table, as shown in Table 1, only factorials consisting of prime numbers are prime factorials, where Pn is the nth prime value, and Pn ! represents the prime factorial of the first n prime numbers, then Pn ! = P1 * P2Pn .

Figure GDA0004126839710000081
Figure GDA0004126839710000081

Figure GDA0004126839710000091
Figure GDA0004126839710000091

表1素数阶乘表Table 1 Prime factorial table

在表1中,从第二列开始,第n列的第一行表示前n+1个素数的素数阶乘。如P3!=2*3*5=30,P4!=2*3*5*7=210,P5!=2*3*5*7*11=2310,…,依此类推剩余诸列。每一列的值分别表示当前素数阶乘作为基数的倍数积。如第n列中行号分别与素数阶乘的乘积,其中行号最大值是第n+2个素数值,依此类推剩余诸列。In Table 1, starting from the second column, the first row of the nth column represents the prime factorials of the first n+1 prime numbers. For example, P 3 ! = 2*3*5 = 30, P 4 ! = 2*3*5*7 = 210, P 5 ! = 2*3*5*7*11 = 2310, ..., and so on for the remaining columns. The value of each column represents the product of the current prime factorial as a multiple of the base. For example, the product of the row number in the nth column and the prime factorial, where the maximum row number is the value of the n+2th prime, and so on for the remaining columns.

依此逻辑构造如表1的分解大整数需要的素数阶乘表。Based on this logic, we construct the prime factorial table required to decompose large integers as shown in Table 1.

在素数阶乘表中属性列的使用过程中,首先通过一个示例引出素因子范围的概念。In the process of using the attribute columns in the prime factorial table, the concept of prime factor range is first introduced through an example.

如第二列第1行的数30与属性列第1行的数7相加可得37,可表示为:For example, the sum of the number 30 in the first row of the second column and the number 7 in the first row of the attribute column is 37, which can be expressed as:

P3!·1+7P 3 ! ·1+7

=2×3×5×1+7=2×3×5×1+7

=(2×3)×5×1+7=(2×3)×5×1+7

=6×5+7=6×(5+1)+1.=6×5+7=6×(5+1)+1.

这符合表中属性列中的6n+1型。This corresponds to the 6n+1 type in the attribute column of the table.

如第二列第7行的数210与属性列第5行的数29相加可得239,可表示为For example, the sum of the number 210 in the 7th row of the second column and the number 29 in the 5th row of the attribute column is 239, which can be expressed as

P3!·7+29P 3 ! ·7+29

=30×7+29=6×(35+5)-1.=30×7+29=6×(35+5)-1.

这符合表中属性列中的6n-1型。This corresponds to the 6n-1 type in the attribute column of the table.

将第二列中的所有数分别与属性列中的所有数相加。可依次得到范围是37~241的6n+1型的数,范围是35~239的6n-1型的数,且包括了该范围内的所有素数。Add all the numbers in the second column to all the numbers in the attribute column. You can get 6n+1 numbers ranging from 37 to 241 and 6n-1 numbers ranging from 35 to 239, including all prime numbers in this range.

同理,在第三列、第二列与属性列中分别任取一个数并相加,遍历三列中所有可能取值情况,可分别得到范围为247~2551的6n+1型的数,范围是245~2549的6n-1型的数,且包括了该范围内的所有素数。Similarly, by randomly selecting a number from the third column, the second column, and the attribute column and adding them together, and traversing all possible values in the three columns, we can obtain 6n+1 numbers ranging from 247 to 2551 and 6n-1 numbers ranging from 245 to 2549, which include all prime numbers in this range.

因在各列中任取一数与属性列中上下两部分相加均为6n+1型与6n-1型的数,可推知,素数阶乘表中各列数字相加可表示所有素数。Since the sum of any number in each column and the upper and lower parts in the attribute column is a number of the type 6n+1 and 6n-1, it can be inferred that the sum of the numbers in each column in the prime factorial table can represent all prime numbers.

本发明提供一个采用本发明方法的分解RSA大整数的实例。The present invention provides an example of decomposing a large RSA integer using the method of the present invention.

在本实施例中,鉴于实际使用的RSA模数的数位过于庞大,不利于展示,此处选择RSA56(17位十进制位数)整数作为示例,其实施方式和过程与大数位的RSA模数完全相同。In this embodiment, since the number of digits of the RSA modulus actually used is too large to be conducive to display, an RSA56 (17 decimal digits) integer is selected here as an example, and its implementation method and process are exactly the same as those of the RSA modulus with large digits.

假设待分解整数为M=19852601254923961。Assume that the integer to be decomposed is M = 19852601254923961.

第一步需确定如表1所示的素数阶乘表的适用范围。The first step is to determine the scope of application of the prime factorial table shown in Table 1.

如图1所示,用6整除m得商Q=3308766875820660,余数R=1。As shown in FIG1 , when m is divided by 6, the quotient Q=3308766875820660 is obtained, and the remainder R=1.

由薛氏筛法理论,若整数m是合数,则其两因子具有According to Scheher's sieve theory, if the integer m is a composite number, then its two factors have

1.(6n1+1)(6n2+1)形式。1. (6n 1 +1)(6n 2 +1) form.

2.(6n1-1)(6n2-1)形式。2. (6n 1 -1)(6n 2 -1) form.

由此,如图1所示,利用素数阶乘表分解整数时,属性列仅选择(6n+1)部分,或仅选择(6n-1)的部分。Therefore, as shown in FIG1 , when an integer is decomposed using the prime factorial table, the attribute column selects only the (6n+1) part, or only the (6n-1) part.

再将整数m开方并取整,得

Figure GDA0004126839710000111
其位数s为9位。Then take the square root of the integer m and round it to the integer, and we get
Figure GDA0004126839710000111
The number of digits s is 9.

素数阶乘表中第七列和第八列中包含有9位数,且

Figure GDA0004126839710000112
小于第八列第一行的数223092870。则将素数阶乘表中的第七列选为分解整数的起始列。The seventh and eighth columns of the prime factorial table contain 9 digits, and
Figure GDA0004126839710000112
is smaller than the number in the first row of the eighth column, 223092870. Then the seventh column in the prime factorial table is selected as the starting column for factoring integers.

接下来从第qi1列起,依次向前从各列中挑选两数ai,bi作为各列的备选数,如图2所示。Next, starting from the qi1th column, two numbers a i , b i are selected from each column in turn as candidate numbers for each column, as shown in Figure 2.

对于第七列,从第七列中可重复的任选两数相乘并与整数M做差,取乘积不大于整数M的两数作为此列中的两个备选数a7,b7.若找到两数乘积等于M,则结束分解,如图2所示。For the seventh column, multiply any two numbers in the seventh column and subtract them from the integer M, and take two numbers whose product is not greater than the integer M as the two candidate numbers a 7 , b 7 in this column. If the product of two numbers is equal to M, the decomposition is terminated, as shown in Figure 2.

此处选择126095970*155195040=19569469107988800。其中126095970和155195040为本列两备选数。Here we choose 126095970*155195040=19569469107988800. 126095970 and 155195040 are two alternative numbers in this column.

对于第六列,从第六列中可重复的任选两数分别于第七列中a7,b7相加并相乘,取乘积不大于整数M的两数作为此列中的两个备选数a6,b6.若找到两数乘积等于M,则结束分解。For the sixth column, select any two numbers that can be repeated in the sixth column and add them to a 7 , b 7 in the seventh column and multiply them. Take two numbers whose product is not greater than the integer M as the two candidate numbers a 6 , b 6 in this column. If the product of two numbers is equal to M, the decomposition is terminated.

此处选择(126095970+1021020)(155195040+510510)=19792820842294500。其中1021020和510510为本列中两备选数。Here we choose (126095970+1021020)(155195040+510510)=19792820842294500. 1021020 and 510510 are two alternative numbers in this column.

对于之后第五列至属性列的每一列,均从此列中可重复的选择两数与选择出的备选数相加后相乘,并选择出乘积不大于整数M的两数作为此列中的两个备选数ai,bi。各列过程与结果排列如下:For each of the fifth to attribute columns, two numbers are repeatedly selected from this column, added to the selected candidate numbers, and then multiplied, and two numbers whose product is not greater than the integer M are selected as the two candidate numbers a i , b i in this column. The process and results of each column are arranged as follows:

第五列:Fifth column:

(126095970+1021020+330330)*(155195040+510510+30030)=19848082299645600.其中330330和30030是本列中的备选数。(126095970+1021020+330330)*(155195040+510510+30030)=19848082299645600. Among them, 330330 and 30030 are alternative numbers in this column.

第四列:Fourth column:

(126095970+1021020+330330+18480)*(155195040+510510+30030+11550)=19852432523154000(126095970+1021020+330330+18480)*(155195040+510510+30030+11550)=19852432523154000

第三列:Third column:

由于此列中任选两数与前几列中的备选数相加,乘积均大于整数M,因此此处仅选择一个备选数,如图2所示,如下,Since the product of any two numbers in this column and the candidate numbers in the previous columns is greater than the integer M, only one candidate number is selected here, as shown in Figure 2, as follows,

(126095970+1021020+330330+18480+0)*(155195040+510510+30030+11550+1050)=19852566362244000。(126095970+1021020+330330+18480+0)*(155195040+510510+30030+11550+1050)=19852566362244000.

第二列:Second column:

(126095970+1021020+330330+18480+0+90)*(155195040+510510+30030+11550+1050+120)=19852595675487000。(126095970+1021020+330330+18480+0+90)*(155195040+510510+30030+11550+1050+120)=19852595675487000.

以上选出了第二列至第七列中各列的备选数。接下来选择属性列中的备选数。The above selects the candidate numbers in columns 2 to 7. Next, select the candidate numbers in the attribute column.

由薛氏筛法可知,属性列中的两备选数仅出自(6n+1)部分或(6n-1)部分。遍历寻找(6n+1)部分内,没有满足条件的备选数。According to the Scheher sieve method, the two candidate numbers in the attribute column can only come from the (6n+1) part or the (6n-1) part. We search through the (6n+1) part and find that there is no candidate number that meets the conditions.

遍历寻找(6n-1)部分内的数,找到两备选数17和23,如下,Traverse and search for the numbers in the (6n-1) part, and find two alternative numbers 17 and 23, as follows,

(126095970+1021020+330330+18480+0+90+17)*(155195040+510510+30030+11550+1050+120+23)=(126095970+1021020+330330+18480+0+90+17)*(155195040+510510+30030+11550+1050+120+23)=

127465907*155748323=19852601254923961。此时分解整数M完毕。127465907*155748323=19852601254923961. At this point, the decomposition of the integer M is complete.

如图1所示,若遍历完所有列后找不到乘积等于整数M的备选数组合,则整数M无法分解,是一素数。As shown in Figure 1, if no alternative number combination whose product is equal to the integer M is found after traversing all columns, then the integer M cannot be decomposed and is a prime number.

区别于现有技术,本发明的RSA公钥密码破解方法通过事先建立素数阶乘表,只需234列的表格即可囊括所有617位十进制数位的整数(RSA-2048是617位)的素因子组合方式,即分解最大617位十进制数位的整数最多只需要遍历132列左右的素数阶乘表,找到每列中的备选数并相加即可。与传统需要遍历所有不大于

Figure GDA0004126839710000131
的试除整数分解方法相比,降低了比较次数和计算量。为RSA加密算法的安全性分析提供了有益参考。Different from the prior art, the RSA public key password cracking method of the present invention establishes a prime factorial table in advance, and only needs a table of 234 columns to include all prime factor combinations of integers with 617 decimal digits (RSA-2048 is 617 digits). That is, to decompose an integer with a maximum of 617 decimal digits, it is only necessary to traverse the prime factorial table of about 132 columns at most, find the candidate numbers in each column and add them up.
Figure GDA0004126839710000131
Compared with the trial division integer decomposition method, it reduces the number of comparisons and the amount of calculation. It provides a useful reference for the security analysis of the RSA encryption algorithm.

以上所述仅为本发明的实施方式,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。The above description is only an implementation mode of the present invention, and does not limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made by using the contents of the present invention specification and drawings, or directly or indirectly applied in other related technical fields, are also included in the patent protection scope of the present invention.

Claims (1)

1. A RSA public key password cracking method is applied to security analysis of an RSA encryption algorithm and is characterized by comprising the following steps:
dividing the natural number into regions at intervals by factoring different prime numbers, and establishing a prime number factorization table according to the size of the regions and the boundaries of the regions; the construction principle of the prime factorization table is as follows: the attribute column is a first column, starting from a second column, a first row of an nth column represents prime number factorization of the first n +1 prime numbers, the value of each column represents the multiple product of the current prime number factorization as a base number, row numbers in the nth column are respectively multiplied by the prime number factorization, the maximum value of the row numbers is n +2 prime number values, and the numbers in the rest rows in each column are the numbers of the first row and are not more than n +1 prime numbers p n+1 The product of multiplication by a positive integer of (d);
obtaining the modulus of RSA public key password, recording the modulus as M, squaring and rounding M, and calculating
Figure FDA0004126839700000011
The number of the bits is recorded as s;
using the first row element of the corresponding digit sequence s in the prime factorization table
Figure FDA0004126839700000012
Adjusting and removing device>
Figure FDA0004126839700000013
Figure FDA0004126839700000014
Wherein, Q represents the number of the s column selecting the Q row as the intermediate number of the subsequent searching prime factor;
selecting an integer a in the upper and lower directions of the No. Q row with the No. s row and No. Q row as the middle number 0 And b 0 Multiplying, and making difference with the intermediate number, traversing all possible value-taking conditions, and selecting a group of numbers with the minimum difference;
looking for two integers a in the s-i column i And b i So that (a) 0 +a 1 +…+a i )·(b 0 +b 1 +…+b i ) The difference value with the modulus M of the RSA public key password is minimum; if optionally both integers have (a) 0 +a 1 +…+a i )·(b 0 +b 1 +…+b i ) If M is greater than M, only one number is selected from the row, and the other integer is set to 0, that is
(a 0 +a 1 +…+a i_1 +0)·(b 0 +b 1 +…+b i_1 +b i )
Or
(a 0 +a 1 +…+a i_1 +a i )·(b 0 +b 1 +…+b i_1 +0)
Decreasing the number of rows to the second row;
judging the prime factor type of the modulus M, if M is an integer of M =6n +1 type, respectively searching two integers alpha in prime numbers of 6n +1 type in an attribute column 1 And alpha 2 Or epsilon 1 And ε 2 So that
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i2 )=M
Or
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M
If M is the number of M =6n-1 type, respectively searching an integer alpha in a 6n +1 region and a 6n-1 region of the attribute column 1 And epsilon 1 So as to satisfy
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M
Or
(a 0 +a 1 +…+a i1 )·(b 0 +b 1 +…+b i1 )=M
Two prime factors of the modulus M are found, and the RSA public key password is cracked.
CN201911373227.XA 2019-12-27 2019-12-27 RSA public key password cracking method Expired - Fee Related CN111193593B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911373227.XA CN111193593B (en) 2019-12-27 2019-12-27 RSA public key password cracking method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911373227.XA CN111193593B (en) 2019-12-27 2019-12-27 RSA public key password cracking method

Publications (2)

Publication Number Publication Date
CN111193593A CN111193593A (en) 2020-05-22
CN111193593B true CN111193593B (en) 2023-04-18

Family

ID=70709370

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911373227.XA Expired - Fee Related CN111193593B (en) 2019-12-27 2019-12-27 RSA public key password cracking method

Country Status (1)

Country Link
CN (1) CN111193593B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113900476A (en) * 2021-10-11 2022-01-07 吴鸿邦 Novel algorithm for efficiently decomposing prime numbers and synthesizing RSA (rivest-Shamir-Adleman) passwords

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1913433A (en) * 2006-07-21 2007-02-14 北京理工大学 Application of elliptic curve key exchange method in MANET network
CN102769528A (en) * 2012-06-15 2012-11-07 刘诗章 Quick large number decomposition method based on cryptographic technology application
CN103618601A (en) * 2013-12-11 2014-03-05 武汉大学 Preselected integer factorization-based RSA (Rivest, Shamir and Adleman) password cracking system and method
CN103873239A (en) * 2014-03-31 2014-06-18 刘诗章 Method for rapid generation of even number prime pair based on application of even number public key system
CN104079561A (en) * 2014-06-09 2014-10-01 中国电子科技集团公司第十五研究所 Secret key attacking method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2946207A1 (en) * 2009-05-28 2010-12-03 Proton World Internat Nv PROTECTION OF FIRST NUMBER GENERATION FOR RSA ALGORITHM

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1913433A (en) * 2006-07-21 2007-02-14 北京理工大学 Application of elliptic curve key exchange method in MANET network
CN102769528A (en) * 2012-06-15 2012-11-07 刘诗章 Quick large number decomposition method based on cryptographic technology application
CN103618601A (en) * 2013-12-11 2014-03-05 武汉大学 Preselected integer factorization-based RSA (Rivest, Shamir and Adleman) password cracking system and method
CN103873239A (en) * 2014-03-31 2014-06-18 刘诗章 Method for rapid generation of even number prime pair based on application of even number public key system
CN104079561A (en) * 2014-06-09 2014-10-01 中国电子科技集团公司第十五研究所 Secret key attacking method and device

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"An efficient method for integer factorization";Haibo Yu et al.;《2015 IEEE International Symposium on Circuits and Systems (ISCAS)》;20150730;全文 *
"An Efficient Method to Factorize the RSA Public Key Encryption";B.R. Ambedkar et al.;《2011 International Conference on Communication Systems and Network Technologies》;20110729;全文 *
RSA密码分析中分解大整数的判定算法;孙克泉;《计算机工程》;20100805(第15期);全文 *
大整数分解算法综述;杨江帅;《信息技术与网络安全》;20181110(第11期);全文 *

Also Published As

Publication number Publication date
CN111193593A (en) 2020-05-22

Similar Documents

Publication Publication Date Title
Heath-Brown The density of rational points on curves and surfaces
Black et al. Kronecker products for compact semisimple Lie groups
Alawida A novel DNA tree-based chaotic image encryption algorithm
CN105281894B (en) Plaintext encryption method and system based on seven-order magic cube
WO2023040361A1 (en) Image encryption method based on improved class promotion scheme
Rahman et al. MAKE: A matrix action key exchange
CN111193593B (en) RSA public key password cracking method
CN112005288B (en) Secret aggregate median system, secret computing device, secret aggregate median method, and recording medium
Zhang et al. Multiple-image encryption algorithm based on Sarrus rule and 3D Fibonacci matrix
Cheng et al. Private inference for deep neural networks: A secure, adaptive, and efficient realization
TW200403584A (en) Apparatus and method for calculating a result of a modular multiplication
JP6321216B2 (en) Matrix / key generation device, matrix / key generation system, matrix combination device, matrix / key generation method, program
Kannwischer Polynomial multiplication for post-quantum cryptography
CN107992283A (en) A kind of method and apparatus that finite field multiplier is realized based on dimensionality reduction
Kleinjung Quadratic sieving
CN103559678A (en) Scrambling and restoring method of shp line-face layer data
CN108932388A (en) A kind of mould 2 based on quantum superposition statenSubtracter design method
CN118860489A (en) An efficient privacy-preserving machine learning method and system for GPU
CN103618601B (en) Preselected integer factorization-based RSA (Rivest, Shamir and Adleman) password cracking system and method
CN116414351A (en) A realization method of ring polynomial multiplication on GPU
CN108717683A (en) A kind of close figure camouflage restoration methods of combination key and random orthogonal tensor base
CN115017523A (en) Distributed data security encryption method, transmission method and related device
CN114978487A (en) Quantum image encryption method based on two-dimensional cross mapping and dynamic diffusion
Nong et al. Efficient algorithms for the inverse sort transform
Feng Sequences and Mathematical Induction: In Mathematical Olympiad and Competitions

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20230418

CF01 Termination of patent right due to non-payment of annual fee
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载