RSA
Rivest–Shamir–Adleman
Generate two large random primes
and
. Compute the modulus
. Compute
. Choose a public exponent
s.t.
(usually we use
). Publish the modulus
and the public exponent
as the public key
.
Choose a plaintext
to be sent. Use the public key
to encrypt
:
In Python, this step is computed by
c = pow(m, e, N)
. Send the ciphertext to Alice.
Compute the private component
and decrypt
:
In Python, this step is computed by
m = pow(c, d, N)
.
Today, RSA is often not the preferred way of doing a key exchange, and it is being used less and less in protocols in favor of Elliptic Curve Diffie-Hellman (ECDH). This is mostly due to historical reasons (many vulnerabilities have been discovered with RSA implementations and standards) and the attractiveness of the smaller parameter sizes offered by ECDH.

CryptoHack – RSA challenges
CryptoHack
RSA - CryptoHack

Real-World Cryptography
Manning Publications
Real-World Cryptography

Attacking RSA for fun and CTF points – part 1
BitsDeep
Attacking RSA for fun and CTF points Part 1

Attacking RSA for fun and CTF points – part 2
BitsDeep
Attacking RSA for fun and CTF points Part 2

Attacking RSA for fun and CTF points – part 3
BitsDeep
Attacking RSA for fun and CTF points Part 3

Attacking RSA for fun and CTF points – part 4
BitsDeep
Attacking RSA for fun and CTF points Part 4
Implementation of Boneh and Durfee attack on RSA's low private exponents
Implementation of Boneh and Durfee attack on RSA's low private exponents - cryptologie
Last modified 1yr ago