Is it safe to use a probabilistic primality test when generating RSA keys?
As introduced in the previous article "RSA公開鍵から素数の積を取り出す方法" (how to extract the product of primes from an RSA public key), generating an RSA key requires two huge primes p and q. For the 2048-bit RSA keys commonly used today, p and q are each 1024 bits long, numbers of roughly 308 decimal digits.
The RSA algorithm relies on Fermat's little theorem modulo p and q (strictly, on its generalisation, Euler's theorem). If p or q turns out to be composite, the basic premise of RSA breaks down, so p and q must be chosen to be prime with certainty.
Incidentally, OpenSSL's RSA key generation uses the Miller-Rabin test to decide whether p and q are prime. Miller-Rabin is a probabilistic algorithm with one-sided error: it can only answer "probably prime" or "certainly composite". Given how much depends on p and q being prime, is it really acceptable to use a probabilistic algorithm for that decision?
Building an RSA key from composite p and q
Let's just try it and build an RSA key from composite p and q. The core of OpenSSL's RSA key generation is the BN_generate_prime_ex function in bn_prime.c.
*** openssl-1.0.1h-orig/crypto/bn/bn_prime.c 2014-06-05 16:22:48.000000000 +0900 --- openssl-1.0.1h/crypto/bn/bn_prime.c 2014-06-09 09:08:35.000000000 +0900 *************** *** 196,201 **** --- 196,202 ---- if (!safe) { + checks=-1; i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb); if (i == -1) goto err; if (i == 0) goto loop;
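Review bot: The added `checks=-1;` unconditionally overwrites whatever iteration count `checks` held immediately before `i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb);`, and it does so only inside the `if (!safe)` branch, so the safe-prime path keeps its original behaviour; nothing in the hunk distinguishes this deliberate, experiment-only breakage from an intended change, so a comment on that line (or guarding it with a build-time debug macro) would make the patch self-describing and keep it from being applied by accident.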
Adding this one line skips the Miller-Rabin test that checks whether p and q are prime, which raises the probability that p and q end up composite. Using OpenSSL with this change applied and ssh-keygen built against it, I generated an SSH key with no passphrase.
$ ./ssh-keygen -f /tmp/broken_id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/broken_id_rsa.
Your public key has been saved in /tmp/broken_id_rsa.pub.
The key fingerprint is:
88:91:2d:63:fd:b9:5f:41:a5:74:39:4a:97:ee:e7:26 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| . oo |
| + ..+= |
| * o .o+ . |
| . = o . .. . |
| . . S .. |
| . .. .|
| . . o |
| . . E o|
| . o |
+-----------------+
Let's look at p and q inside the generated private key.
$ openssl asn1parse -in /tmp/broken_id_rsa
    0:d=0  hl=4 l=1188 cons: SEQUENCE
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=4 l= 257 prim: INTEGER           :(omitted)
  268:d=1  hl=2 l=   3 prim: INTEGER           :010001
  273:d=1  hl=4 l= 257 prim: INTEGER           :(omitted)
  534:d=1  hl=3 l= 129 prim: INTEGER           :E489D4B72A4EEE27550F6FA1ECFE04504EBC830E4DB689A807CD1CD1399F3018BA5A28EC54842BEFC01477AB822A31842EEAD02ABD2211E61C433DD927712F62BE3E392D3EEFB78BD1C0A6CFCE901EEC82E1B1718CA247B7909D3D6CBF9F7AC85E9F195245415FB6043C2EC0E756BBF6AD85D232215F7BDDBD03E41A500DD641
  666:d=1  hl=3 l= 129 prim: INTEGER           :D435D76CD11F1B67EE1C3FD1158B8E413ECB7CB470787218719A41B8A971B8B38D7377687F73684588F9BE87F1840395EF532F8B97B14ED3DB98FB02FC514A90E4907F92E5E93AD96F254319AF8E2087A34D695EA892B31FA39AC76F44ECEEA4898EFFC451959A05EC43B5AB7DF268CFF5B7DBA1C518A61184FADDE574715AF3
  798:d=1  hl=3 l= 129 prim: INTEGER           :AE5579FFB3757C74628DA0E18BD085E7E0F82A9D19A91A3F249C51D444B96B4E21B1AF300094C6936019FCE3C72A7A9553D8E9AD0093E1C5805FC6E9450E315088C11C8AA84CE2DDF4C69A3941606D468BDCB0A866D8500EF6710C2F4DC9D136D1FF59A8898E01FDEE231EA32695E2529D31CD1352A3ECF04C44909785E3D841
  930:d=1  hl=3 l= 128 prim: INTEGER           :2FC7BFAD7C98686F4A298A24E598FA7AAE4CDAD335CFA8C0E0333F40F8C5E6346750EC3DD7148111C6F99470BF6C5DF25064867C03B7A46C0731B6B2C164FC490B6D8D8BE1C055C3C746B888FC022048E9F7F015A41703C5C7EC7DA30BFDDCEDA71B4F73407B52A6AABFC413CCD3DBCD9721C28DF5F6CACD7F078D16B0D52509
 1061:d=1  hl=3 l= 128 prim: INTEGER           :5FD2EFBAF7CAC160391E92557D6102D3C26607B75BBF72D5F8A20CD30772FE90915DF1AF18389A227C1C48D17D76A1A9881EE74657838FCF83263D49C3927BA1E6C1D7AAD6532DF860C9912E6B5DFEF2F7826B0210BE3E120F39EE1EC4BE2FA4BF5396B191F51D982673B6CBDCEDB9668CC6F887D37F0574185B2571C3F397B3
Of these, the 5th and 6th INTEGERs are p and q (see RFC3447 Appendix A.1.2). As shown below, neither of them is prime.
$ openssl prime -hex E489D4B72A4EEE27550F6FA1ECFE04504EBC830E4DB689A807CD1CD1399F3018BA5A28EC54842BEFC01477AB822A31842EEAD02ABD2211E61C433DD927712F62BE3E392D3EEFB78BD1C0A6CFCE901EEC82E1B1718CA247B7909D3D6CBF9F7AC85E9F195245415FB6043C2EC0E756BBF6AD85D232215F7BDDBD03E41A500DD641
E489D4B72A4EEE27550F6FA1ECFE04504EBC830E4DB689A807CD1CD1399F3018BA5A28EC54842BEFC01477AB822A31842EEAD02ABD2211E61C433DD927712F62BE3E392D3EEFB78BD1C0A6CFCE901EEC82E1B1718CA247B7909D3D6CBF9F7AC85E9F195245415FB6043C2EC0E756BBF6AD85D232215F7BDDBD03E41A500DD641 is not prime
$ openssl prime -hex D435D76CD11F1B67EE1C3FD1158B8E413ECB7CB470787218719A41B8A971B8B38D7377687F73684588F9BE87F1840395EF532F8B97B14ED3DB98FB02FC514A90E4907F92E5E93AD96F254319AF8E2087A34D695EA892B31FA39AC76F44ECEEA4898EFFC451959A05EC43B5AB7DF268CFF5B7DBA1C518A61184FADDE574715AF3
D435D76CD11F1B67EE1C3FD1158B8E413ECB7CB470787218719A41B8A971B8B38D7377687F73684588F9BE87F1840395EF532F8B97B14ED3DB98FB02FC514A90E4907F92E5E93AD96F254319AF8E2087A34D695EA892B31FA39AC76F44ECEEA4898EFFC451959A05EC43B5AB7DF268CFF5B7DBA1C518A61184FADDE574715AF3 is not prime
Can this RSA key pair be used for SSH? After registering the public key on another machine, an attempt to log in fails as follows.
$ ssh -v -i /tmp/broken_id_rsa 192.168.56.64
OpenSSH_6.6, OpenSSL 1.0.1h 5 Jun 2014
debug1: Reading configuration data /Users/hnw/.ssh/config
debug1: /Users/hnw/.ssh/config line 86: Applying options for *
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug1: Connecting to 192.168.56.64 [192.168.56.64] port 22.
debug1: Connection established.
debug1: identity file /tmp/broken_id_rsa type 1
debug1: identity file /tmp/broken_id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 78:b6:(rest omitted)
debug1: Host '192.168.56.64' is known and matches the RSA host key.
debug1: Found key in /Users/hnw/.ssh/known_hosts:79
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/hnw/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /tmp/broken_id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
What happens when p or q of an RSA key is composite
What happened in the experiment above? To find out, let's first review how RSA works. When an RSA key is generated, two further parameters e and d are computed in addition to the primes p and q. They are chosen so that equation (1) below holds.
- Let n = p*q (p ≠ q, with p and q prime), and
- for every x, x^(e*d) = x (mod n) … (1)
With e, d and n, RSA encryption and decryption can be written as follows.
- Encryption
  - Let the plaintext be i, with i < n
  - Ciphertext c = i^e (mod n)
- Decryption
  - For ciphertext c, c^d (mod n) yields the plaintext
So as long as d, which is part of the private key, stays secret, e, which is all that is needed for encryption, can be made public.
Now, Euler's theorem shows that any d satisfying equation (2) below also satisfies equation (1).
- φ(n) = (p-1)*(q-1)
- e*d = 1 (mod φ(n)) … (2)
In other words, d is obtained as the modular inverse of e.
This, however, presupposes that p and q are prime. If either p or q is composite, the d computed this way should no longer satisfy equation (1)*1.
In the experiment above, p and q were composite, so the pair e, d did not satisfy equation (1) and decryption failed.
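As an added illustration (not code from the post or from OpenSSL), the following Python reproduces the argument above on small numbers: d is derived as e^-1 mod (p-1)(q-1) with no primality check, and the round trip x -> x^e -> (x^e)^d is counted for every plaintext. For squarefree n, equation (1) holds for every x exactly when e*d ≡ 1 (mod λ(n)), with λ(n) the lcm of (r-1) over the prime factors r of n, so a composite p can still yield a working key whenever λ(n) divides (p-1)(q-1); the function names and the sample values 21, 61, 91 and 53 are my own.

```python
from functools import reduce
from math import gcd

def rsa_params(p, q, e=65537):
    """n, e, d derived exactly as in the post: d = e^-1 mod (p-1)(q-1).
    No primality check on p or q, mirroring the patched OpenSSL build."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo (p-1)(q-1)")
    return p * q, e, pow(e, -1, phi)

def roundtrip_failures(p, q, e=65537):
    """Count plaintexts x in [2, n) with decrypt(encrypt(x)) != x, i.e. for
    which equation (1) x^(e*d) = x (mod n) fails. Returns (failures, tried)."""
    n, e, d = rsa_params(p, q, e)
    failures = sum(1 for x in range(2, n) if pow(pow(x, e, n), d, n) != x)
    return failures, n - 2

def prime_factors(m):
    """Distinct prime factors of m by trial division (small demo inputs only)."""
    factors, f = [], 2
    while f * f <= m:
        if m % f == 0:
            factors.append(f)
            while m % f == 0:
                m //= f
        f += 1
    if m > 1:
        factors.append(m)
    return factors

def equation1_holds_for_all_x(p, q, e=65537):
    """Predict the brute-force result without trying every x: for squarefree n,
    x^(e*d) = x (mod n) for all x iff e*d = 1 (mod lambda(n)), lambda(n) being
    the lcm of (r - 1) over the prime factors r of n (Carmichael's function)."""
    n, e, d = rsa_params(p, q, e)
    factors = prime_factors(n)
    if reduce(lambda a, b: a * b, factors, 1) != n:
        return False  # repeated prime factor r: x = r can never round-trip
    lam = reduce(lambda a, b: a * b // gcd(a, b), (r - 1 for r in factors), 1)
    return (e * d - 1) % lam == 0

if __name__ == "__main__":
    # 61 and 53 are prime; 21 = 3*7 and 91 = 7*13 are composite
    for p, q in ((61, 53), (21, 53), (91, 53)):
        print(p, q, roundtrip_failures(p, q), equation1_holds_for_all_x(p, q))
```

With p = 21 most plaintexts fail to round-trip, while p = 91 works for every x because λ(91*53) = 156 divides 90*52: the key is "broken" in the sense of the post yet decrypts correctly, which is the situation footnote *1 asks about.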
The probability that p or q is composite when an RSA key is generated
We have seen that if either p or q is composite at key generation time, RSA decryption fails and the key pair does not work. Yet whether p and q are prime is decided by Miller-Rabin, a probabilistic algorithm, so with some probability a broken key pair will be generated.
So how likely is it that the primality test for p and q fails and a broken key pair is generated? The answer is written in OpenSSL's crypto/bn/bn.h.
/* number of Miller-Rabin iterations for an error rate of less than 2^-80
 * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
 * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
 * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
 * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
#define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \
                                (b) >=  850 ?  3 : \
                                (b) >=  650 ?  4 : \
                                (b) >=  550 ?  5 : \
                                (b) >=  450 ?  6 : \
                                (b) >=  400 ?  7 : \
                                (b) >=  350 ?  8 : \
                                (b) >=  300 ?  9 : \
                                (b) >=  250 ? 12 : \
                                (b) >=  200 ? 15 : \
                                (b) >=  150 ? 18 : \
                                /* b >= 100 */ 27)
This macro returns the number of Miller-Rabin iterations from the bit length of the number being tested. It is based on the 1993 paper cited in the comment, and chooses the iteration count so that the probability of wrongly declaring a number prime is below 1/2^80.
So the probability that the primality test is wrong for at least one of p and q is at most 1/2^79. If a million machines, each able to generate 1000 key pairs per second, kept generating keys between them, that amounts to roughly one broken key pair in 20 million years. The odds of hitting some other bug seem far higher.
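The macro above ported to Python together with the Miller-Rabin test it parameterises, as an added example (not OpenSSL's code): it picks the round count from the bit length the way BN_prime_checks_for_size does, runs the test on the p value taken from the broken key above, and works out the 20-million-year figure. Bases are random by default, as in OpenSSL, and a fixed list of bases gives a reproducible run; the function names are my own.

```python
import random
# Port of the BN_prime_checks_for_size(b) table quoted above: Miller-Rabin
# rounds that keep the error below 2^-80 for a random b-bit candidate.
_ROUNDS_BY_BITS = [(1300, 2), (850, 3), (650, 4), (550, 5), (450, 6), (400, 7),
                   (350, 8), (300, 9), (250, 12), (200, 15), (150, 18)]

def prime_checks_for_size(bits):
    for threshold, rounds in _ROUNDS_BY_BITS:
        if bits >= threshold:
            return rounds
    return 27  # the macro's final branch, meant for b >= 100

def miller_rabin(n, bases=None):
    """False: n is certainly composite. True: n is probably prime. With
    bases=None the round count comes from the table and the bases are random,
    as in OpenSSL; pass a list of bases for a reproducible run."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0                      # write n - 1 = 2^s * d with d odd
    while d % 2 == 0:
        d //= 2
        s += 1
    if bases is None:
        bases = [random.randrange(2, n - 1)
                 for _ in range(prime_checks_for_size(n.bit_length()))]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                 # a is a witness: n is composite
    return True

# p of the broken key above (5th INTEGER in the asn1parse output), 1024 bits.
P_FROM_POST = int(
    "E489D4B72A4EEE27550F6FA1ECFE04504EBC830E4DB689A807CD1CD1399F3018"
    "BA5A28EC54842BEFC01477AB822A31842EEAD02ABD2211E61C433DD927712F62"
    "BE3E392D3EEFB78BD1C0A6CFCE901EEC82E1B1718CA247B7909D3D6CBF9F7AC8"
    "5E9F195245415FB6043C2EC0E756BBF6AD85D232215F7BDDBD03E41A500DD641", 16)

def years_until_one_broken_key(keys_per_second=1000, machines=10**6,
                               error_per_keypair=2.0**-79):
    """Years of continuous generation before one pair slips through at 2^-79 per pair."""
    bad_per_second = keys_per_second * machines * error_per_keypair
    return 1 / (bad_per_second * 365.25 * 86400)
```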
決å®çãªç´ æ°å¤å®ã¢ã«ã´ãªãºã ã使ãããªãçç±
ããã確çãä½ãã¦ãã確å®æ§ãå¿ è¦ãªã®ã«ç¢ºççã¢ã«ã´ãªãºã ã使ãã®ã¯æ°æã¡ãæªãã¨æãã人ãããã§ãããã決å®çãªç´ æ°å¤å®ã¢ã«ã´ãªãºã ã使ãããã«ã¯ãããªãã®ã§ããããï¼
決å®çã¢ã«ã´ãªãºã ã使ããã¦ããªãçç±ã¯æ§è½ã®åé¡ã§ããããIPAã«ããè³æã素数生成アルゴリズムの調査・開発 調査報告書ã(PDF)ã®5.2ç« ã«ããã°ã1024bitç´ æ°ã®å¤å®ã«æ±ºå®çã¢ã«ã´ãªãºã ã使ãã¨Miller-Rabinã®1000åç¨åº¦é ãããã§ãã
å¾ãããçµæã®ç²¾åº¦ã¨é度ã®ãã©ã³ã¹ãèããã¨Miller-Rabinã®æ¡ç¨ã妥å½ã¨ãããã¨ãªã®ã§ãããã
Summary
- Because OpenSSL uses a probabilistic primality test during RSA key generation, there is a possibility that a broken key pair is produced
Before writing this article I expected that key generation would verify x^(e*d)=x (mod n) and raise an error if a broken key came out, but there seems to be no such check.
*1: It seems possible that the d computed this way satisfies equation (1) even though p and q are composite, but I do not know under what conditions that happens. If you know the theoretical background, please let me know. At least within the range of this experiment, SSH always failed.