patternCritical
Meaning of: "'If factoring large integers is hard, then breaking RSA is hard,' is unproven"
Viewed 0 times
meaningunprovenrsahardbreakingfactoringlargethenintegers
Problem
I was reading CLRS and is said:
If factoring large integers is easy, then breaking the RSA
cryptosystem is easy.
Which makes sense to me because with the knowledge of $p$ and $q$, it is easy to create the secret key which the knowledge of the public key. Though, it explains the converse statement, which I don't quite understand:
The converse statement, that if factoring large integers is hard, then
breaking RSA is hard, is unproven.
What does the statement above formally mean? If we assume factoring is hard (in some formal way), why does that not imply that breaking the RSA crypto system is hard?
Now consider that if we assumed that factoring is hard...and that we discovered that it meant that the RSA cryptosystem is hard to break. What would that formally mean?
If factoring large integers is easy, then breaking the RSA
cryptosystem is easy.
Which makes sense to me because with the knowledge of $p$ and $q$, it is easy to create the secret key which the knowledge of the public key. Though, it explains the converse statement, which I don't quite understand:
The converse statement, that if factoring large integers is hard, then
breaking RSA is hard, is unproven.
What does the statement above formally mean? If we assume factoring is hard (in some formal way), why does that not imply that breaking the RSA crypto system is hard?
Now consider that if we assumed that factoring is hard...and that we discovered that it meant that the RSA cryptosystem is hard to break. What would that formally mean?
Solution
The easiest way to think about it is to think of the contrapositive.
The statement:
if factoring large integers is hard, then breaking RSA is hard
is equivalent to the following:
if breaking RSA is easy, then factoring large integers is easy
This statement has not been proven.
What they're saying is, assume we have an algorithm that solves factoring in polynomial time. Then we can use it to construct an algorithm that solves RSA in polynomial time.
But, there could be some other way to crack RSA that doesn't involve factoring integers. It's possible that we will find we can crack RSA in a way that doesn't let us factor integers in polynomial time.
In short, we know that RSA is at least as easy as factoring. There are two possible outcomes: RSA and factoring are of equivalent difficulty, or RSA is a strictly easier problem than factoring. We don't know which is the case.
The statement:
if factoring large integers is hard, then breaking RSA is hard
is equivalent to the following:
if breaking RSA is easy, then factoring large integers is easy
This statement has not been proven.
What they're saying is, assume we have an algorithm that solves factoring in polynomial time. Then we can use it to construct an algorithm that solves RSA in polynomial time.
But, there could be some other way to crack RSA that doesn't involve factoring integers. It's possible that we will find we can crack RSA in a way that doesn't let us factor integers in polynomial time.
In short, we know that RSA is at least as easy as factoring. There are two possible outcomes: RSA and factoring are of equivalent difficulty, or RSA is a strictly easier problem than factoring. We don't know which is the case.
Context
StackExchange Computer Science Q#50712, answer score: 51
Revisions (0)
No revisions yet.