2

My question is how many bits of prime number is secure so that it cannot be factored from very large number? Until today how large prime factor is found in large number?

Quantum computing find highest factor of size of 16 bits only( 56,153) until today and I studied that rsa-768 in which 384 bits prime number is factored from large number. Why different schemes takes very large prime, when even two 1000 bits prime number cannot be factored from 2000 bit large number until today? Thanks.

vivek
  • 197
  • 3
  • 13
  • It has become quite debatable that 1024 bit integers (chosen to be hard to factor) "cannot be broken until today"; see links in this answer. – fgrieu Jun 04 '16 at 06:24
  • frgrieu then why people taking 2048 bits prime to generate the key. – vivek Jun 04 '16 at 08:58
  • 2048 bit RSA uses a 2048 bit semi-prime which is the product of two 1024 bit primes. If you want 2048 bit primes, you need 4096 bit RSA. – CodesInChaos Jun 04 '16 at 10:51
  • CodesInChaos I simply want a secure number which is product of 2 primes of 1024 bits. Is this number be factored ? – vivek Jun 04 '16 at 10:58

1 Answers1

4

There is some confusion here. The definition of prime numbers states that cannot be factored (see Definition of prime numbers)

You seem to be talking about RSA modulus which is the product of two prime numbers (see RSA cryptosystem).

As far as keylength is concerned 768 bits is not considered safe today. Note that the keylength choice is a compromise between speed and security, basically we're trying to estimate the shortest keylength that is beyond the cryptanalytic capabilities of any attacker (that needs to stay true as long as the data is valuable). Since we base that estimate on the best publicly known attacks against the cryptosystem (namely here factoring) running on publicky available hardware we add a cushion to take into account increase in computing power, entities that know or will know more than we do.

To answer your question, new RSA public keys should be at least 2048 bits long so slightly larger than your 1600 bits initial proposal here. For further reference you can refer to the keylength website.

Alexandre Yamajako
  • 1,074
  • 6
  • 6
  • Thanks for answering. Regarding your first point about confusion, I want to say if there is large number which is multiple of large primes say n=p*q where p, q are large primes. Then to factorize n to get p and q. – vivek Jun 04 '16 at 08:52
  • Secondly, my question is if 1024 bits primes cannot be get from very large number until today as said by @fgrieu in above comment. Why to take 2048 bits prime. As generating 2048 prime is very time consuming then 1024 prime – vivek Jun 04 '16 at 08:54
  • Prime numbers can be trivially factored, simply return the number itself. – CodesInChaos Jun 04 '16 at 10:50
  • If n=p*q where p,q are prime numbers of 384 bits then n is of 786 bits. Then this scheme is not secure as by rsa-768 bits can be factored. But if p,q be of 398 bits each then n is of 796 bits. Then this scheme is not cracked until now. So, I take prime number of size 398 bits which give rsa-796. But people say that this scheme is not secure and you should take p,q of 1024 bits giving n of 2048 bits – vivek Jun 04 '16 at 11:26
  • i think you misunderstood fgrieu's comment. His point was that based on published research we think that factorizing 1024 bits semi-prime (product of 2 512 bits prime) might be within the reach of well funded agencies. – Alexandre Yamajako Jun 05 '16 at 09:35
  • Now to your second point, if 1024 is within reach then why not pick 1030 semi primes or 1050 ? The answer is "we want the security margin to be large" – Alexandre Yamajako Jun 05 '16 at 09:47
  • We dont want our adversary to factor the new keylength by using the same techniques but "just" throwing more money or more computer. By going from 1024 to 2048 bits we ensure that our adversary knows something that we dont about factoring. If you want to know more, look up the ecrypt entry of the keylength website or the logjam paper – Alexandre Yamajako Jun 05 '16 at 10:02