For other uses, see RSA (disambiguation).

RSA
General
Designers
Ron Rivest, Adi Shamir, and Leonard Adleman
First published 1977
Certification PKCS#1, ANSI X9.31, IEEE 1363
Cipher detail
Key sizes
1,024 to 4,096 bit typical
Rounds 1
Best public cryptanalysis
General number field sieve for classical computers
Shor's algorithm for quantum computers
A 768-bit key has been broken
RSA is one of the first practical public-key cryptosystems and is widely used fo
r secure data transmission. In such a cryptosystem, the encryption key is public
and differs from the decryption key which is kept secret. In RSA, this asymmetr
y is based on the practical difficulty of factoring the product of two large pri
me numbers, the factoring problem. RSA is made of the initial letters of the sur
names of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly describ
ed the algorithm in 1977. Clifford Cocks, an English mathematician working for t
he UK intelligence agency GCHQ, had developed an equivalent system in 1973, but
it was not declassified until 1997.[1]
A user of RSA creates and then publishes a public key based on two large prime n
umbers, along with an auxiliary value. The prime numbers must be kept secret. An
yone can use the public key to encrypt a message, but with currently published m
ethods, if the public key is large enough, only someone with knowledge of the pr
ime numbers can feasibly decode the message.[2] Breaking RSA encryption is known
as the RSA problem; whether it is as hard as the factoring problem remains an o
pen question.
RSA is a relatively slow algorithm, and because of this it is less commonly used
to directly encrypt user data. More often, RSA passes encrypted shared keys for
symmetric key cryptography which in turn can perform bulk encryption-decryption
operations at much higher speed.
Contents [hide]
1
History
2
Patent
3
Operation
3.1
Key distribution
3.2
Encryption
3.3
Decryption
3.4
Key generation
3.5
Example
3.6
Code
3.7
Signing messages
4
Proofs of correctness
4.1
Proof using Fermat's little theorem
4.2
Proof using Euler's theorem
5
Padding
5.1
Attacks against plain RSA
5.2
Padding schemes
6
Security and practical considerations
6.1
Using the Chinese remainder algorithm
6.2
Integer factorization and RSA problem
6.3
Faulty key generation
6.4
Importance of strong random number generation
6.5
Timing attacks
6.6
Adaptive chosen ciphertext attacks

6.7
Side-channel analysis attacks
7
See also
8
Notes
9
References
10
Further reading
11
External links
History[edit]
Adi Shamir, one of the authors of RSA: Rivest, Shamir and Adleman
The idea of an asymmetric public-private key cryptosystem is attributed to Whitf
ield Diffie and Martin Hellman, who published the concept in 1976. They also int
roduced digital signatures and attempted to apply number theory; their formulati
on used a shared secret key created from exponentiation of some number, modulo a
prime number. However, they left open the problem of realizing a one-way functi
on, possibly because the difficulty of factoring was not well studied at the tim
e.[3]
Ron Rivest, Adi Shamir, and Leonard Adleman at MIT made several attempts over th
e course of a year to create a one-way function that is hard to invert. Rivest a
nd Shamir, as computer scientists, proposed many potential functions while Adlem
an, as a mathematician, was responsible for finding their weaknesses. They tried
many approaches including "knapsack-based" and "permutation polynomials". For a
time they thought it was impossible for what they wanted to achieve due to cont
radictory requirements.[4] In April 1977, they spent Passover at the house of a
student and drank a good deal of Manischewitz wine before returning to their hom
e at around midnight.[5] Rivest, unable to sleep, lay on the couch with a math t
extbook and started thinking about their one-way function. He spent the rest of
the night formalizing his idea and had much of the paper ready by daybreak. The
the initials of their surnames in same order as th
algorithm is now known as RSA
eir paper.[6]