Cryptography Reference
In-Depth Information
n
pearls
n
-
k
pearls to decode
around
k
pearls to encode
Figure 2.3: RSA encryption works by arranging the possible messages
in a loopwith a secret circumference. Encryption is accomplished by
moving a random amount,
k
, down the loop. Only the owners know
the circumference,
n
,sotheycanmove
n−k
steps down the loop and
recover the original message.
some insight into the structure of the encrypted file. So we could
argue that the results of DES or AES should appear random because
we can't predict them successfully.[Way92, Fou98]
The same arguments also hold for RSA. If there was some black
box that could take a number and tell you where it stood in the loop,
then you would be able to break RSA. If the input doesn't fall in a pat-
tern, then the output should be very random. If there was some way
of predicting it, then that could be used to break RSA. Of course, the
bits coming out of a streamof RSA-encrypted values are not perfectly
random, at least at the level of bits. The values in the output are all
computedmodulo
n
n
n
so they are all less than
.Since
is not a power
of
2
, some bits are a little less likely.
Even if the values can't be predicted, they still might not be as ran-
dom looking as we might want. For instance, an encrypted routine
might produce a result that is uncrackable but filled with only two
numbers like 7 and 11. The pattern might be incomprehensible and
unpredictable, but you still wouldn't want to use the source as the
random number generator for your digital craps game. One immedi-
ate clue is that if the 7 and the 11 occur with equal probability, then
the entropy of such a file is clearly 1 bit per number.
It is easy to construct a high-level argument that this problemwill
not occur with DES. All possible output values should be produced
with equal probability. Why? Because DES can be decoded success-
fully. 64 bits go into DES and 64 bits go out. Each possible output can
have only one matching input and vice versa. Therefore each possi-
ble output can be produced.
