The security of public key cryptosystems based on integer factorization

Abstract

Public-key encryption schemes are substantially slower than symmetric-key encryption algorithms. Therefore public-key encryption is used in practice together with symmetric algorithms in hybrid systems. The paper gives a survey of the state of art in public-key cryptography. Thereby special attention is payed to the different realizations of RSA-type cryptosystems. Though EIGamal-type cryptosystems on elliptic curves are of great interest in light of recent advances, the original RSA-cryptosystem is still the most widely used public-key procedure. After a comparison of public-key cryptosystems based on integer factorization and discrete logarithms a detailed cryptanalysis of RSA-type cryptosystems is given. Known strengths and weaknesses are described and recommendations for the choice of secure parameters are given. Obviously the RSA cryptosystem can be broken if its modulus can be factored. It is an open question if breaking RSA is equivalent to factoring the modulus. The paper presents several modified RSA cryptosystems for which breaking is as difficult as factoring the modulus and gives a general theory for such systems.