You may not know it but cryptography has had an inuential eect upon your life.

If youhave ever purchased something online, or if you have ever bought something with a credit card or used an ATM, encryption has had an impact upon you. You may not even be aware of it but in recent years encryption has become increasingly important in your life. What was once the province of spies and spooks is now something you use everyday, and from here on you may nd yourself encountering encryption even more thanks to a special kind of encryption known as public-key encryption. Before the advance of publickey, cryptography communicating in secret meant that the parties involved had to meet before hand, decide upon an accepted key that would allow only those involved the ability to read the message, and then send the message at a later date. Even the legendary Enigma Machine, the German encryption device that had the allies guessing for much of World War II, required agents to have access to a book of settings for eective use. The emergence of publickey cryptography, specically the RSA algorithm developed by Rivest, Shamir, and Adleman in 1977, however, marked a radical change in the nature of cryptography. For the rst time parties involved in the transmission of secret data no longer needed to agree on a key ahead of time. By simply publishing a public key and keeping the corresponding private key secret,

it became possible to receive encrypted data from anyone at any time without any sort of previous correspondence. It is small wonder then that the ease and eectiveness of RSA and public-key cryptography created an explosion in the availability of encryption. What had once been restricted for military and governmental use all of a sudden became available to anyone who wished to send something with the assurance that only those supposed to see the message would be able to do so. But along with the mass availability of encryption came the question of whether or not RSA was a truly safe method of transferring sensitive data. Questions concerning the mathematical viability of the algorithm along with the ever present concern of human error have led to a crack in the once invincible armor of RSA. But just how bad is this crack? Does it spell the doom of the worlds most popular encryption method, or is it just a sign of the times and with the right precautions RSA will stick around for decades to come? This paper will argue that the current uses of the RSA algorithm contain several potentially dangerous technical and implementation aws that weaken the security it provides. In an attempt to better understand the continued viability of the algorithm it is necessary to discuss the background of RSA, the specics of its

aws, and the implications they could have on the future of information security. 1.1 History of RSA We stand today on the brink of a revolution in cryptography. The development of cheap digital hardware has freed it from the design limitations of mechanical computing and brought the cost of high grade cryptographic devices down to where they can be used in such commercial applications as remote cash dispensers and computer terminals. In turn, such applications create a need for new types of cryptographic systems which minimize the necessity of secure key distribution channels and supply the equivalent of a written signature. At the same time, theoretical developments in information theory and computer science show promise of roviding provably secure cryptosystems, changing this ancient art into a science. [DH76] Before looking at the problems of RSA it is necessary to understand why these problems are so important. After all, RSA did not just emerge overnight to become the most widely used form of encryption in the world, and a look at how RSA got where it is today will go a long way to explain why the questions surrounding the algorithm are so important 1.1.1 The Players

Although Rivest, Shamir, and Adleman are usually given the lions share of the credit for the development of public-key encryption the basic idea behind the subject was the work of Whiteld Die and Martin Hellman from Stanford University, and Ralph Merkle from the University of California at Berkeley. Originally Die and Hellman were working on publickey encryption in general together while Merkle was working specically on a method of public-key distribution. After becoming aware of each others work the three decided to work together. The nished product of the trio was a paper detailing public-key encryption written by Die and Hellman that referenced Merkles work. As the rst published paper on publickey encryption the work turned out to be a tour de force that galvanized the cryptography community that had heretofore been somewhat limited by government restrictions. The paper itself discussed the idea of public-key encryption along with the production of digital signatures using several dierent example algorithms. Among those that happened to read the paper were three researches at MIT; the now famous Rivest, Shamir, and Adleman trio. The Die-Hellman paper discussed public-key distribution but failed to implement a convincing form of digital signatures, and upon reading the paper these three researchers set about to create an eective method of creating digital signatures for

public-key encryption. As the story goes the researchers had been working on 40 dierent implementations and after an exhaustive session Rivest lay on a couch nursing a headache. In a ash of inspiration the idea of using two large prime numbers and multiplying them together came to him and the idea eventually became the basis of the paper published by the researchers in 1977. Although rst published in 1977 the work of the three MIT researchers did not gain full notoriety until Martin Gardner wrote about the breakthrough in his column Mathematical Games in the magazine Scientic American. Gardners suggestion that Rivest, Shamir, and Adleman mail a more detailed report to anyone that requested it caused the United States National Security Agency to release a statement forbidding them to do anything of the sort. Unfortunately for the NSA, they lacked the legal backing to make such a demand and in February of 1978 Rivest, Shamir, and Adleman released a more detailed paper in a journal published by the Association for Computing Machinery [RSA78]. For RSA, however, the troubles with the US government were just beginning. The governments concern that the encryption technology would fall into the hands of non-government elements, not to

mention foreign powers, prompted a desperate attempt by the government to keep the technology out of the public domain. The legal battles between the government and the three MIT cryptologists would drag on for years. Shortly after Adam Black demonstrated a mere ve-line PERL implementation of the RSA algorithm, the government prohibited its exportation outside of the country. Technology savvy citizens rebelled against the embargo by printing the code on T-shirts and attaching it to the bottom of emails. Eventually the US government had no choice but to capitulate and in 1982 the three researches created the encryption technology company RSA Security and began marketing their idea. While RSA Security was able to obtain a US patent for the algorithm, an international patent escaped the company as a result of the information being previously published. Nevertheless, RSAS quickly took center stage as the premier public-key encryption company and began marketing its technology to all sorts of businesses. In hindsight RSAS and its algorithm emerged just in time, as shortly after the company went into business the emergence of the Internet created a huge demand for encryption technologies for transmitting both personal and nancial data. [PKC03 1.1.2 The Public Algorithm

Truly, if there is a reason for the success of RSA it lies in the emergence of the Internet and the rampant economic forces that drove its expansion shortly thereafter. The enormous commercial potential of the Internet fueled an equally enormous demand for encryption systems where parties could safely transmit information out in the open of the wired world. Obviously, as a nearly unbreakable and public-key system RSA became the premier method of encrypting data for use on the net. RSA Securitys own records admit the link between the increased use of RSA and the expansion of commercial elements of the Internet: the rush to make the Internet secure for business is bringing the issue of information security to therefore. [Ann97] In addition, claims of multiple trends of Internet connectivity...converge[ing] to create a new era of information security [Ann97] show the deeply rooted link between RSA and the creation and growth of the Internet. As much as the Internet helped make RSA a successful company, RSA undoubtedly had a hand in continuing the economic boom of e-commerce. The all-important SSL, or Secure Socket Layer protocol used in the majority of secure Internet data exchanges, uses RSA technology. 1.1.3 RSA Today

Like all good things, RSAs monopoly on the algorithm had to come to an end. In September of 2000, after almost 20 years of exclusive rights, RSAs patent on the equation c = me (modn) expired and the companys all over the world no longer had to pay a licensing fee in order to use the worlds most popular implementation of public-key encryption. In something of a publicity stunt RSA actually released the patent two weeks early and as people celebrated the expiration of the patent (yes, people actually had parties) the encryption world would never be quite the same. Today, RSA continues to nd use in SSL and a number of other applications such as PGP and GPG, two programs that oer public-key encryption for email. As opposite ends of the spectrum, PGP, or Pretty Good Privacy, is propriety software that integrates itself with many popular email clients. GPG,or Gnu Privacy Guard, on the other hand, is an open source initiative that oers roughly the same functionality as PGP. Both of these programs are open to the general public although most people have little idea how to encrypt data, and studies have shown that many simply consider their data already encrypted. In this respect then RSA has not entirely penetrated the public consciousness and remains the province of geeks and scientists.

As for RSA Security Systems the future was not all that bright after the algorithm went public. The companys prots began to fall rapidly despite claims of the licensing fees for the algorithm only accounting for 1% of the companys total prots. It seemed like the companys runaway success in the late 90s would not continue into the new millennium, but in recent years the company has been doing better and seems to be back on track. 1.2 What is RSA? The RSA algorithm, at its core, is a simple piece of mathematics. It relies both on mathematical theorems that have been unequivocally proven for hundreds of years and on mathematical assumptions that have yet to be validated through any rigorous proof. The implementation of the algorithm is easy to do; as mentioned before, a ve-line PERL program is sucient. Even performing by hand the calculations that are necessary to implement the algorithm is not an insurmountable task. What then, is the mathematics behind RSA cryptography?