SECURITY OF NUMBER THEORETIC PUBLIC KEY CRYPTOSYSTEMS AGAINST RANDOM ATTACK, I

Abstract

This paper continues a discussion begun in the last issue of CRYPTOLOGIA. It shows that RSA cryptosystems and more general number theoretic public key cryptosystems appear most resistant to cryptanalysis when the encoding modulus m is the square free product of safe primes, namely primes p of the form p=2a+1 where a is an odd prime. There is reason to believe that at least 1 in every 100000 one hundred digit numbers is a safe prime. When m is the square free product of safe primes anybody who can find integers x and e larger than 1 such that {\rm x}^{{\rm e}} \equiv {\rm x} {\rm mod} ({\rm m}) can break the cryptosystem by factoring the coding modulus m. However, either x or e must in this case exceed p/3; where p is the smallest prime factor of m. In a typical RSA cryptosystem the two safe prime factors of m will be chosen so that p/3 exceeds ${\sqrt {{\rm m}}} / 100 . If every message receiver uses the same coding exponent c there are certain economies possible without any apparent loss of security. T...