Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!princeton!allegra!ulysses!mhuxt!ihnp4!ihlpf!stewart
From: stewart@ihlpf.UUCP
Newsgroups: sci.crypt
Subject: Re: Security of RSA and factoring
Message-ID: <937@ihlpf.UUCP>
Date: Tue, 13-Jan-87 15:16:50 EST
Article-I.D.: ihlpf.937
Posted: Tue Jan 13 15:16:50 1987
Date-Received: Wed, 14-Jan-87 23:03:42 EST
References: <9041@duke.duke.UUCP> <4205@columbia.UUCP> <9054@duke.duke.UUCP>
Organization: AT&T Bell Labs, Naperville, IL
Lines: 22

>> What is true is that the
>> only known method of breaking RSA involves factoring huge numbers, but
>> that is not to say that there is not some other undiscovered method.

> The point about RSA is that if you can break the code, you can get
> the factorization of the key (this is easy to do).  Therefore, it is
> obviously equivalent in difficulty to factoring.  (i.e., you can set
> up a "fake" RSA scheme using the number to be factored, break RSA, and
> then you have the factorization of the number -- so while you don't
> necessarily have to be able to factor a number to break RSA, the problems
> have the same difficulty.  Make sense?)

It's not this easy.  You need the factors of your prime to generate the
RSA keys.  This prevents you from setting up the "fake" RSA scheme to
get the factorization.

Even if you could set up a fake RSA scheme, it might still be possible
to break it without factoring the composite number.  RSA is no *more*
difficult than factoring, but it still might be *less* difficult.

Bob Stewart
ihnp4!ihlpf!stewart