InfoSec Notes
Complete guide to the RSA public-key cryptosystem covering mathematical foundations, key generation, encryption/decryption steps, digital signatures, and security considerations.
Overview
RSA (Rivest-Shamir-Adleman) is the most widely deployed public-key cryptosystem, invented in 1977. Its security is based on the mathematical difficulty of factoring the product of two large prime numbers. RSA is used for encryption, digital signatures, and key exchange.
Mathematical Foundation
RSA relies on these mathematical principles:
- Prime factorization is hard: Given n = p × q (where p, q are large primes), finding p and q from n alone is computationally infeasible for large numbers.
- Euler's theorem: a^φ(n) ≡ 1 (mod n) for gcd(a,n) = 1
- Modular exponentiation: Computing a^b mod n is efficient even for very large numbers.
RSA Key Generation Step-by-Step
| Step 1 | Choose two large distinct primes p and q |
| Step 2 | Compute n = p × q |
| Step 3 | Compute Euler's totient: φ(n) = (p-1)(q-1) |
| Step 4 | Choose public exponent e such that: |
| Step 5 | Compute private exponent d such that: |
| Public Key | (e, n) — share freely |
| Private Key | (d, n) — keep secret |
| Discard | p, q, φ(n) — must be destroyed |
Complete RSA Example (Small Numbers)
Production RSA with Python
RSA Key Sizes and Security
| Key Size | Security Level | Status | Recommended Until |
|---|---|---|---|
| 512 bits | ~30 bits | BROKEN (1999) | Never |
| 1024 bits | ~80 bits | DEPRECATED | Already expired |
| 2048 bits | ~112 bits | Minimum acceptable | ~2030 |
| 3072 bits | ~128 bits | Recommended | ~2040 |
| 4096 bits | ~140 bits | High security | Long-term |
Common RSA Attacks
| Attack | Description | Prevention |
|---|---|---|
| Brute force factoring | Factor n to find p, q | Use ≥2048-bit keys |
| Small exponent attack | e too small, cube root attack | Always use e=65537 |
| Common modulus attack | Same n with different e values | Unique n per key pair |
| Timing attack | Measure decryption time | Constant-time implementation |
| Textbook RSA | No padding, deterministic | Always use OAEP or PSS |
| Bleichenbacher attack | PKCS#1 v1.5 padding oracle | Use OAEP padding |
Interview Questions
- Why can't RSA encrypt messages larger than the key size?
- RSA operates on numbers less than the modulus n. For RSA-2048, you can only encrypt up to 2048 bits (~256 bytes), minus padding overhead. For larger data, use hybrid encryption: RSA encrypts a symmetric key, which encrypts the actual data.
- Why is e=65537 commonly used as the public exponent?
- 65537 (2^16 + 1) is a Fermat prime that balances security and performance. It's large enough to resist small-exponent attacks but has only two bits set (making modular exponentiation fast). It's coprime to most φ(n) values.
- What makes RSA vulnerable to quantum computers?
- Shor's algorithm can factor large integers in polynomial time on a quantum computer, breaking RSA completely. A sufficiently powerful quantum computer (~4000 logical qubits for RSA-2048) could break RSA in hours. Post-quantum alternatives (lattice-based, hash-based) are being standardized.
- Why is padding critical for RSA security?
- Without padding (textbook RSA), encryption is deterministic — the same message always produces the same ciphertext. This leaks information and enables chosen-ciphertext attacks. OAEP adds randomness and structure that prevents these attacks.
- Explain the relationship between RSA key generation parameters p, q, n, e, and d.
- p and q are large primes (kept secret). n = p×q is the public modulus. e is the public exponent (chosen, typically 65537). d is the private exponent (computed as modular inverse of e mod φ(n)). The security relies on the difficulty of finding d without knowing p and q.
Summary
RSA remains fundamental to internet security, used in TLS certificates, SSH keys, and code signing. While being gradually replaced by ECC for performance reasons, RSA's mathematical elegance and proven security (with proper key sizes and padding) make it a cornerstone of modern cryptography. Always use at least RSA-2048, OAEP padding for encryption, PSS for signatures, and plan migration to post-quantum algorithms.
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for RSA Algorithm.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Information Security topic.
Search Terms
information-security, information security, information, security, cryptography, rsa, algorithm, rsa algorithm
Related Information Security Topics