Status report on factoring (At the Sandia national laboratories)

Abstract

It is well known that the cryptosecurity of the RSA (Rivest-Shamir-Adleman) two key cryptoalgorithm [1] is no better that the composite melulus is difficult to factor. Except for one special case, the converse statement is still an open and extremely important question. It is not so wll known, perhaps, that there are several other crypto-like schemes whose performanc is also bounded by the diffuculty of factoring large numbers: the digital signaure schemes of Ong—Schnorr [2], of Ong-Schrnorr-Shamir [3] and of Schnorr [4], the oblivius transefer of chennel of Rabin [5] and the subliminal channel of Simmons [6] to name only a few. The point is that the difficulty of factoring large integers has become a vital parameter in estimating the security achievable in many secure data schemes -- and conversely factoring techniques are potentially a tool for the cryptanalyst if the cryptographer misjudges the difficulty of factoring a composite number on which he bases a system.