
- ( )

20 2005 .


( )

:

116 .

http://www.re.mipt.ru/infsec


( )
( RSA).
.
.
,
( ) .
.
,
: p q n, ..
, n=p*q. ( ,
2-:
)
, n (
), 2-
.
, p n , q n (
n), , ,
.
( )
:

(P. de Fermat)
- (Pollard J. M)
- (Lehman R. S.)
(Lenstra H. W.)
- (Strassen V.)
(P-1)-

.
. :
1) , n ,
n.
2) n , n.

:
1)
2)
:
1) O n log n

[ ]

[ ]

(
O(

2)
n log 2 n
n.
, , -
.

.
1643.
n ( ,
).
, n .
p q 1 < p q . $p = u - v$ , $q = u + v$ ,
u v . .. p q (
p+q
pq
), : u =
, v=
.
2
2
n $n = u^2 - v^2$ ,
$n = (u - v)(u + v) = pq$ .
$\{x_k, y_k\}$, $k = 0, 1, 2, 3, \ldots$ , $r = x_k^2 - y_k^2 - n$ .
:
1. $(x_0, y_0) = ([\sqrt{n}], 0)$
2. $r = 0$ , $n = x_k^2 - y_k^2 = (x_k - y_k)(x_k + y_k)$ . ,
$p = x_k - y_k$ $p = x_k + y_k$ .
3.
a. $r > 0$ , $(x_{k+1}, y_{k+1}) = (x_k, y_k + 1)$ .
b. $r < 0$ , $(x_{k+1}, y_{k+1}) = (x_k + 1, y_k)$ .
4. $r = x_{k+1}^2 - y_{k+1}^2 - n$ Go to 2.

O C log 2 n , - ,
.

- .
$F_8 = 2^{2^8} + 1$ .
. 1975 .
:
*
1. f : Z n Z n , Z n - n.

$f(x)$ 2 (
$f(x) = x^2 + 1$ ).

2. x 0 Z n
*

{xk }, k = 0,1,2,...

$x_{k+1} = f(x_k) \bmod n$ .
3. i j $d = \gcd(x_i - x_j, n)$ . $d = 1$ $d = n$ ,
$(i, j)$ . $1 < d < n$ , d n.


, -
(i, j ) . i j.
:
1. $i = 2j$ , .. $d = \gcd(x_{2j} - x_j, n)$

2. j 2 h j < 2 h +1 , h N , i = 2 h 1
, , f,
$f = x^2 + c$ , .

, $O(n^{1/4} \log^3 n)$ .

, : n , C : > 0
, n
1

C 2 n 4 log 3 n e .
- n.

-.
, n n > 8 .
1. , 2,3,..., 3 n n.
, .

[ ]

2. .. , n

< p q < n 3 . k = 1,2,...,

n 16
+ 1 ,
d = 0,1,...,
4 k

([

] )

4nk + d

[ n]
3

4nk

. , A = 4nk + d B = A 2 4nk
A 2 B 2 mod n .
1 < gcd( A B, n ) < n , ,
.
$O(n^{1/3})$ .

.
: r, s, n
, 1 r < s < n , n

< s gcd( r , s ) = 1 . 11 ri n, , ri r mod s , ,


O(log n ) .
1
1
, : > >
C ( ) > 0 : 1 r < s < n ,
3
4
gcd( r , s ) = 1 s > n C ( ) n,
r s.
. ,
r, s, n, .
3

1. r , r * r 1 mod s , r , r ' = r n mod s, 0 r ' < s


2. {(ai , bi , ci )}, i = 0,1,2,... ,
:
a 0 = s, b0 = c 0 = 0 ,
n rr ' *
a1 r ' r * mod s , 0 < a1 s , b1 = s , c1 =
r mod s
s
i 2
a i = a i 2 q i a i 1 , bi = bi 2 q i bi 1 , ci ci 2 q i ci 1 mod s ,
*

i = 2k
0 ai < ai 1 ,
qi
0 < ai ai 1 , i = 2k + 1
.. qi - a i 2 a i 1 , i
0.
3. i , :
c < s,
i = 2k

c ci mod s
. 2-.
n
2ai bi c s 2 + ai bi , i = 2k + 1

4.
xai + ybi = c

( xs + r )( ys + r ') = n
x 0, y 0 , xs + r - .
5. ai = 0 , . Go to 2.
O n

log n .

-.
: z , $y = z^2$ . t
$\gcd(t, y!)$ $O(z \log^2 z \log^2 t)$
. , ,
gcd(t , y!) .
$f(j) = ((j-1)z + 1) \cdots ((j-1)z + z)$, $j = 1, 2, \ldots, z$ .
1. $f(1), f(2), \ldots, f(z)$
2. $\gcd(t, f(j))$, $j = 1, 2, \ldots, z$
.
3. $\gcd(t, f(j))$ $(j-1)z + 1$ , , $(j-1)z + z$ ,
gcd(t , y!) .
1
1
n z = n 4 + 1, y = z 2 > n 2 , t = n .

gcd(n, y!) . .. p n 2 < y , y!


p n. p .
$O(n^{1/4} \log^4 n)$ .

(P-1)- .
: ,
k B-- B>0, m : m
k,
m (k )

mm (k ) B , m (k ) {0,1, 2, ...} -

, m
k.
:
1. ,
B. B~ 10 5 10 6 .

2. a, 2 a n 1 ,
d = gcd(a, n ) . 1 < d < n , d .
3. q1 < q 2 < ... < q k B

log B
qi li =
, ..
log qi
k

4.

q ili B, q ili +1 > B .

P = a qi mod n
li

i =1

5. $d = \gcd(P - 1, n)$ . $1 < d < n$ , d ,


. a
.
$O(n^{1/2} \log^c n)$

.
n.

. .
n .
: b, k , $b > 1$, $n = b^k - 1$ . p
n, 2- :
1. p b d 1 d<k, k.
2. $p \equiv 1 \bmod k$ . p>2 k , $p \equiv 1 \bmod 2k$ .
, , :
$n = 2^{11} - 1$ . , $p \equiv 1 \bmod 22$ , .. $p = 23$ .
,
. ,
. , (Shanks
D.),

: O n

1 +
5

, O n

1 +
4

- (

SQUFOF). SQUFOF , 2 n ,
.
(P-1)- , +1
( (Lucas F. A.)). (+1) (Williams H. C.).
, .
1
- (Rivest R. L.) O n 3

1
- (Lehmer D. H.) O n 4 ,

n .

-
, - (P-1)- . ,
, (

e(c+o (1))(log n ) (log log n )


, 0 < < 1 , c = const , c > 0 ).
3 :
1. 1-2 . .
2. -
.
3. -
.
.
, ,
(Dixon J. D.), - (Brillhart J., Morrison M.
A.), - (Schnorr C. P.) - (Pomerance C.),
( )
.
.
