How many prime numbers are there (available for RSA encryption)?

cryptography rsa primes prime-factoring
20,464

Solution 1

RSA doesn't pick from a list of known primes: it generates a new very large number, then applies an algorithm to find a nearby number that is almost certainly prime. See this useful description of large prime generation):

The standard way to generate big prime numbers is to take a preselected random number of the desired length, apply a Fermat test (best with the base 2 as it can be optimized for speed) and then to apply a certain number of Miller-Rabin tests (depending on the length and the allowed error rate like 2−100) to get a number which is very probably a prime number.

(You might ask why, in that case, we're not using this approach when we try and find larger and larger primes. The answer is that the largest known prime has over 17 million digits- far beyond even the very large numbers typically used in cryptography).

As for whether collisions are possible- modern key sizes (depending on your desired security) range from 1024 to 4096, which means the prime numbers range from 512 to 2048 bits. That means that your prime numbers are on the order of 2^512: over 150 digits long.

We can very roughly estimate the density of primes using 1 / ln(n) (see here). That means that among these 10^150 numbers, there are approximately 10^150/ln(10^150) primes, which works out to 2.8x10^147 primes to choose from- certainly more than you could fit into any list!!

So yes- the number of primes in that range is staggeringly enormous, and collisions are effectively impossible. (Even if you generated a trillion possible prime numbers, forming a septillion combinations, the chance of any two of them being the same prime number would be 10^-123).

Solution 2

As new research comes out the answer to your question becomes more interesting. In a recent paper "Imperfect Forward Secrecy:How Diffie-Hellman Fails in Practice" by David Adrian et all found @ https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf accessed on 10/16/2015 the researchers show that although there probably are a sufficient number of prime numbers available to RSA's 1024 bit key set there are groups of keys inside the whole set that are more likely to be used because of implementation.

We estimate that even in the 1024-bit case, the computations are plausible given nation-state resources. A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18% of popular HTTPS sites, and a second group would allow decryption of traffic to 66% of IPsec VPNs and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break. We conclude that moving to stronger key exchange methods should be a priority for the Internet community.

The research also shows a flaw in TLS that could allow a man-in-middle attacker to downgrade the encryption to 512 bit.

So in answer to your question there are probably a sufficient quantity of prime numbers in RSA encryption on paper but in practice there is a security issue if your hiding from a nation state.

Share:
20,464
pinhead
Author by

pinhead

Updated on July 09, 2022

Comments

  • pinhead
    pinhead almost 2 years

    Am I mistaken in thinking that the security of RSA encryption, in general, is limited by the amount of known prime numbers?

    To crack (or create) a private key, one has to combine the right pair of prime numbers.

    Is it impossible to publish a list of all the prime numbers in the range used by RSA? Or is that list sufficiently large to make this brute force attack unlikely? Wouldn't there be "commonly used" prime numbers?

  • pinhead
    pinhead about 11 years
    And there are enough prime numbers that there have never been any collisions? I mean, they have to be "small" enough to fit in RAM or some kind of limit like that?
  • David Robinson
    David Robinson about 11 years
    @pinhead: See my latest update. The prime numbers of this size can fit in RAM incredibly easily- they range from 1-4 kb. But the list of possible primes (estimated above to be about 10^147) wouldn't fit even if you used every single atom in the universe to store a different bit.
  • Nick Johnson
    Nick Johnson almost 11 years
    "which means the prime numbers range from 512 to 2048" - I think you mean 512 to 2048 bits.
  • Hans Dampf
    Hans Dampf over 8 years
    Very good answer. The problem is that it assumes a perfect PRNG to generate this amount of unique numbers to derive the primes from. In reality PRNG are often not as good as they should be, due to lack of entropy or due to buggy implementations. Because RSA public keys contain the date of generation you know already a part of the entropy which further can help to restrict the range of possible random numbers. Here is a good example showing that there may be less possible RSA keys than one might expect: lwn.net/Articles/482089
  • Hans Dampf
    Hans Dampf over 8 years
    Many public keys contain version information, so that you know what software and version was use to generate the key. If this version had known vulnerbilities in key generation this can further help you in cracking it.
  • Dessa Simpson
    Dessa Simpson about 6 years
    @DavidRobinson When you say 1/ln(n), do you mean n/ln(n)? Because that is what you plug in with 10^150.
  • David Robinson
    David Robinson about 6 years
    @DuncanXSimpson 1/ln(n) is the density (thus n/ln(n) is the number)
  • doubleOrt
    doubleOrt about 6 years
    2^512 is 134078079299425970995740249982058461274793658205923933777235‌​61443721764030073546‌​97680187429816690342‌​76900318581864860508‌​53753882811946569946‌​433649006084096, how do you get 150 from that result ?
  • David Robinson
    David Robinson about 6 years
    @Taurus 10^150, not 150
  • Nic
    Nic almost 5 years
    Fun math fact: The number of bits required to represent the current largest prime we know is roughly 56,000,000. (log2(10^(17000000)) ~= 5.6 * 10^7)
  • SpelingError
    SpelingError about 4 years
    The prime number function π(x), which is approximated by x/ln(x) covers all primes less than or equal to x. However, for RSA encryption, you are only using 1024 bit primes, and not using primes smaller than that. So technically, to estimate the size of a prime library of 1024 bits, you have to subtract all of the smaller primes less than 1024 bits. (Granted, I believe the result is still the same order of magnitude)
  • SomeCallMeTim
    SomeCallMeTim almost 4 years
    This post is a bit older, but researchers in 2012 found public certificates that shared primes. Some 0.2% of the 6.2M they tested were easily factored/broken in less than a day of CPU time. So apparently the random number generation isn't sufficiently random? Maybe these were the result of that Debian bug? eprint.iacr.org/2012/064.pdf and the algorithm explained: algorithmsoup.wordpress.com/2019/01/15/…

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Prime factors in Haskell
How to encrypt data using RSA, with SHA-256 as hash function and MGF1 as mask generating function?
RSA key convert to PEM file
C# RSA Encrypting text using a given PKCS#1 public key
Python Cryptography module save/load RSA keys to/from file
How to generate an RSA asymmetric Key Pair in Swift for IOS?
Verify signature generated with RSA 2048-bit key, SHA256 algorithm and PKCSv1.5 padding
Prime factorization for big numbers
Python recursive program to prime factorize a number
Difference between X.509 and pem