Re: Can a certain determination be made on a large composite such as rsa2048?

From: dan73 <fasttrack2a@xxxxxxx>
Date: Fri, 20 Mar 2009 11:46:44 EDT

On Mar 19, 9:29 pm, dan73 <fasttrac...@xxxxxxx> wrote:

The determination is, I believe there are just 2 prime factors
the same length in rsa2048.

Are you a native English speaker? The wording and >grammar
in the above sentence are terrible.

Are you asking if the published number officially known >as RSA2048
is comprised of two equal prime factors? The answer to >that
question is yes.

Or are you asking whether a 2048-bit RSA key MUST have >two equal-
length
factors? The answer to that question is no.

Sorry if I explained it wrong but I know the RSA
challenge numbers that were cracked have some with
same length prime factor length and others that do not.

My proposal is, all readers of this post send me a composite
(rsa2048 size or larger) with just 2 prime factors and pick
either two factors of equal length or one factor 1 or >>2 digits
shorter than the largest factor.
I will determine either "yes" the two factors are of >>equal
length or "no" they are not.

If you can do that, I suggest that you publish your >method.
You will be famous. There is no know algorithm that will
determine the size of prime factors of a larger integer >other
than factoring that larger integer. Indeed. One can >turn a
fast algorithm that bounds prime factors yet does
not reveal their value, into a polynomial time method >that will
reveal their value.

I am not saying this works but I am conducting test
from people that are sending me composites now.
I will evaluate these and in a week or so I will
post the results of my findings. Good or bad.

If you wish it can be >2 difference but I would like >>to start out
with no more than 2 difference in digit length >>between the factors
in keeping with the RSA composites.
I will never know the factors but I should know if >>they are of equal
length or not!
Please send many composites of this form because this >>determination
takes no longer than 3/4 hour or less for each >>composite.

Astonishing, if true. You are either a genius who has >discovered a
method unknown to everyone else on the planet, or a >deluded crank.
I will withhold judgment until you reveal your method.

My return answer for each composite sent should be >>100% right no matter
how many composites are sent but then again I could >>be wrong on this!

Note: The above statement. that is why I am running
this test.
Sure I could be dead wrong, but hey give me a shot.

Note that since there are only two alternatives (equal >or not equal) a
random guess on your part will be right half the time
(assuming that
the
person constructing the test chooses each with p = 1/2) >Thus,
anyone
participating in your suggested experiment needs to >send a fair
number
(at least 10) of test numbers to you.

Yes but I said the composite could have a prime factor
up to 3 digits shorter than the largest factor.
So that would worsen the odds!

Note that it *IS* possible for someone who KNOWS the >prime factors
of an RSA key to conduct a zero-knowledge (or limited >knowledge)
proof
with someone who only posseses the product of the >primes. That
zero-knowledge proof will convince any outsider that >the prime
factors
are the same length, yet not reveal their value. I have >published
such a method (an efficient limited knowledge proof >jointly with Moses
Liskov)
Camenisch and Michaels give a true ZKP, but one that is >inefficient.

For a survey of this and similar results on validating >RSA keys, see
my paper 'RSA Public Key Validation' in Cryptography & >Computational
Number Theory, Progess in Computer Science & Applied >Logic Volume
20,
Birhauser. This is based on a workshop held in >Singapore in 1999.

Thanks for your input.

I have to absorb all this stuff but it looks
interesting!

Dan
.

Follow-Ups:
- Re: Can a certain determination be made on a large composite such as rsa2048?
  - From: quasi
- Re: Can a certain determination be made on a large composite such as rsa2048?
  - From: pubkeybreaker

References:
- Can a certain determination be made on a large composite such as rsa2048?
  - From: dan73

Prev by Date: hyperbolic functions
Next by Date: Re: hyperbolic functions
Previous by thread: Re: Can a certain determination be made on a large composite such as rsa2048?
Next by thread: Re: Can a certain determination be made on a large composite such as rsa2048?
Index(es):
- Date
- Thread

Relevant Pages

Re: A different RSA challenge!
... Dan wrote: ... >>What is RSA and how do you calculate it? ... It is used in their encryption ... > methods where any one of these unsolved composites ...
(sci.math)
Re: Secure permutation of a 1e8 element set
... RSA would be fine, but very slow, wouldn't it? ... Additionaly I could permute the digits. ... you map to within the nearest higher power of two using bit twiddling, ... A arbitary permutation of 1e8 numbers is equivelent to a key size ...
(sci.crypt)
Re: Secure permutation of a 1e8 element set
... would choose RSA, it won't be secure, but limiting the range arbitrarily is ... just use the original RSA algorithm. ... Of course if there are numbers consisting of more digits, ... Do you reallywant to use 10 different ...
(sci.crypt)
Re: A different RSA challenge!
... Dan wrote: ... >>What is RSA and how do you calculate it? ... > methods where any one of these unsolved composites ... > are used as the public key and the two unknown ...
(sci.math)
Re: Factoring RSA type prime products
... and algorithm using binaries from 1-50 digits. ... Of course prime ... products of RSA type "two primes". ... and your algebra solution for the prime problem actually would be on a ...
(sci.math)