| |
 |
|
|
Science Forum Index » Cognitive Science Forum » Moving to RSA encryption
Page 2 of 2 Goto page Previous 1, 2
|
| Author |
Message |
| Richard Herring |
 Posted: Thu Nov 27, 2003 10:31 am |
|
|
|
Guest
|
In message <3FC4E38F.B6ED25D8@hate.spam.net>, Uncle Al
<UncleAl0@hate.spam.net> writes
Quote: A fellow with an idiot-savant miracle calculator friend could really
clean up! Let's see if Harris, an idiot, can demonstrate the gained
efficacy of downsizing. One need only have a table of primes smaller
than the square root of each RSA number,
Have you counted them? I believe Harris has an algorithm that will do
that, too ;-)
--
Richard Herring |
|
|
| Back to top |
|
| Lester Zick |
| Posted: Thu Nov 27, 2003 11:04 am |
|
|
|
Guest
|
On Thu, 27 Nov 2003 12:56:42 GMT, "Dik T. Winter" <Dik.Winter@cwi.nl>
in sci.cognitive wrote:
Quote: In article <3fc4d84f.78540739@netnews.att.net> lesterDELzick@worldnet.att.net (Lester Zick) writes:
On Wed, 26 Nov 2003 15:21:41 GMT, "Dik T. Winter" <Dik.Winter@cwi.nl
in sci.cognitive wrote:
...
[ Snipped James method where he uses differences of two cubes.]
This comes pretty close to the method Fermat used. (Find two squares whose
difference is 0 mod the number to be factored.) I would think working with
squares is faster.
This turns out to be incorrect in my own rather limited amateur
experience. I have programmed a number of algorithms along this line
and have produced none as fast as serial division by successive odd
numbers.
Works well indeed with small numbers (say 20/25 digits or less) or when
there is a relatively very small divisor. Most modern methods try to
find two squares with a difference that is 0 mod the number to be
factored, it is only the way those numbers are found that varies quite
a bit.
This is probably where I'm going wrong. Difference between serious and
amateur math I suspect.
Quote: Going from Fermat through Quadradic Sieve through Multiple
Polynomial Quadratic Sieve, to the same with large primes, and next to
the Number Field Sieve. The only feasable other method currently in
use is the Elliptic Curves method, which works best if there is a large
prime factor. So it does not go well with the RSA challenges, as they
have two prime factors in the neighbourhood of the square root of the
number.
But my remark more meant that working with squares would be faster than
working with cubes (as James proposed).
--
dik t. winter, cwi, kruislaan 413, 1098 sj amsterdam, nederland, +31205924131
home: bovenover 215, 1025 jn amsterdam, nederland; http://www.cwi.nl/~dik/
Regards - Lester |
|
|
| Back to top |
|
| Uncle Al |
| Posted: Thu Nov 27, 2003 11:39 am |
|
|
|
Guest
|
Richard Herring wrote:
Quote:
In message <3FC4E38F.B6ED25D8@hate.spam.net>, Uncle Al
UncleAl0@hate.spam.net> writes
A fellow with an idiot-savant miracle calculator friend could really
clean up! Let's see if Harris, an idiot, can demonstrate the gained
efficacy of downsizing. One need only have a table of primes smaller
than the square root of each RSA number,
Have you counted them? I believe Harris has an algorithm that will do
that, too 
If you do count them, then you assuredly know how world class stooopid
Harris is. The smallest RSA prize is $10,000. Let Harris perform and
cash the check instead of spew.
--
Uncle Al
http://www.mazepath.com/uncleal/
(Toxic URL! Unsafe for children and most mammals)
"Quis custodiet ipsos custodes?" The Net! |
|
|
| Back to top |
|
| Dik T. Winter |
| Posted: Thu Nov 27, 2003 8:31 pm |
|
|
|
Guest
|
[ An introduction to factorisation...]
In article <3fc620bb.93648699@netnews.att.net> lesterDELzick@worldnet.att.net (Lester Zick) writes:
Quote: On Thu, 27 Nov 2003 12:56:42 GMT, "Dik T. Winter" <Dik.Winter@cwi.nl
in sci.cognitive wrote:
....
Works well indeed with small numbers (say 20/25 digits or less) or when
there is a relatively very small divisor. Most modern methods try to
find two squares with a difference that is 0 mod the number to be
factored, it is only the way those numbers are found that varies quite
a bit.
This is probably where I'm going wrong. Difference between serious and
amateur math I suspect.
Indeed. Let me explain the QS methods a bit. Suppose you want to factor
the (odd) number N, you start with your "factor base", the first K primes.
(Chosing K is a bit of an art.) Let's say that K is 999. Next you find
(partial) relations of the form:
X^2 = W mod N
where W is the product of primes in your factor base, probably with -1 as
an additional factor. If you have found enough such relations you try
to a product of X's from your relations such that the factorisation of
the product of the W's have all even exponent for all prime factors (and
consider -1 also prime in this aspect). If you have that, the product
of the W's also is a square, and so you have a final relation where the
difference of two squares is 0 mod N, X'^2 = W' mod N (where X' is the
product of the X's and W' the product of the W's. And if N is the product
of two prime numbers, the probability that N is a factor of (X' - sqrt(W'))
or of (X + sqrt(W')) is 1/2. In the other cases the factors of N will
split over those two. So the probability that N does not factor decreases
by 1/2 for each full relation you find. (It gets even better when N has
more than two factors.)
From linear algebra over GF(2) it is clear that if you have more partial
relations than K+1 you are able to find full relations. (Set up a matrix
with the factors from the factor base as columns, include -1, the W's as
rows, and the exponent of the prime mod 2 as entry. Finding full relations
is elementary linear algebra.) So with K=999, when you have 1100 partial
relations you can find at least 100 full relations. Gives a good
probability of finding a factorisation.
The time-consuming part is the finding of partial relations. The finding
of full relations is the memory consuming part. I gave K=999 as an example,
but this is only for smallish numbers. The larger the number N the larger
the K. It is a balance between the finding of partial relations (easier
when K is large) and the finding of full relations (easier when K is small).
Now why the sieve, and why the multi-polynomial parts of the naming? That
is based on how you find your partial relations. You start with a polynomial
P(X) = X^2 + B, with B coprime to all primes in the factor base and coprime
to N. Now if P(X + k) is (mod N) divisible by some X, some prime Q and some
k, the same is true for P(X + k + I.Q) for arbitrary integer I. So you start
with a polynomial P(X), set up an array from say k = [-100000:100000] and
some value of X, and note where the result is divisible by 2, 3, 5, 7 and
so on, and divide the result by that prime. At the end you will have
entries with value 1, and those give you partial relations. (Details
can be improved and speeded up, but these are the basics.) This is the
'sieving'. You will use more than one starting polynomial when a single
one does not give you enough partial relations, and that is the other
part of the name.
Yes, it is a bit technical. I remember some time ago (when cracking
a RSA challenge, you may note the name CWI in a few cracked challenges),
that partial relations came in by Megabytes (through ftp) and Peter L.
Montgomery collected them for the final linear algebra part.
--
dik t. winter, cwi, kruislaan 413, 1098 sj amsterdam, nederland, +31205924131
home: bovenover 215, 1025 jn amsterdam, nederland; http://www.cwi.nl/~dik/ |
|
|
| Back to top |
|
| James Harris |
| Posted: Fri Nov 28, 2003 5:23 pm |
|
|
|
Guest
|
"Wolf Kirchmeir" <wwolfkir@sympatico.can> wrote in message news:<jbysxveflzcngvpbpna.hoyux72.pminews@news1.sympatico.ca>...
Quote: On Wed, 26 Nov 2003 15:21:41 GMT, Dik T. Winter wrote:
This comes pretty close to the method Fermat used. (Find two squares whose
difference is 0 mod the number to be factored.) I would think working with
squares is faster. But Fermat's method has been improved considerably to
the multiple quadratic sieve method, which works reasonably well for numbers
up to (say) 150 digits. The current method is the number field sieve, which
is similar to the quadratic sieve method, but works in different number
fields. It would do you good to delve into the methods currently used
before you go the long path from Fermat's method to the current methods.
--
dik t. winter, cwi, kruislaan 413, 1098 sj amsterdam, nederland, +31205924131
home: bovenover 215, 1025 jn amsterdam, nederland; http://www.cwi.nl/~dik/
Dik, you're too kind, offering help like that. James will take it as
criticism - IOW, he will claim you are an asshole for not recognising that
he's a genius to have thought of this method without reading up on it first.
Besides, since it's "close" to Fermat's method, but not the same, it's
obviously original, and James will expect accolades and tons of money for
finding it. Even if it's no improvement on existing methods.
Heh heh
Don't be silly. I don't have to argue about factoring as if I break
RSA encryption, believe me, I won't have to work to convince anyone.
As for what I've been working on, it's actually fascinating though I
don't see how it can be practical at the moment.
So it looks like RSA encryption is safe for the moment from my attack
yet again. No surprise I guess. However, from here on out, I
consider it fair game, though I won't need to talk about it, as unlike
my other research, breaking RSA encryption wouldn't require
mathematicians to admit the truth about it.
James Harris
"My math discoveries, found for profit"
http://mathforprofit.blogspot.com/ |
|
|
| Back to top |
|
| Uncle Al |
| Posted: Fri Nov 28, 2003 6:29 pm |
|
|
|
Guest
|
|
| Back to top |
|
| James Harris |
| Posted: Sat Nov 29, 2003 3:54 pm |
|
|
|
Guest
|
jstevh@msn.com (James Harris) wrote in message news:<3c65f87.0311260644.75a011d6@posting.google.com>...
Quote: I'm in a desperate situation. I have "pure math" results which should
get me accolades but instead I'm called names and mostly ignored.
Before I've tried to break RSA encryption--the basis for Internet
security--and failed miserably, but it looks like I still have no
choice but a practical math result.
So I'm back at it. If I break RSA then there won't be any debates
about the value of my work, or its correctness.
Yup, and I've noticed a few knuckleheads mocking me now about RSA, but
in mathematics it's not often instant, so I didn't expect to reply a
few days later having broken it, though that would be nice.
I'm simply noticing a full reversal of a posted position where I'd
decided to leave the problem alone. I'd backed off from that position
before, but now I'm saying that I consider cracking RSA encryption to
be a good way to break the logjam, and besides, it's an interesting
problem.
Quote: I came across a new idea that I'd like to mention that might be
fruitful.
Consider 119=7(17), and of course I use small numbers to search for
new ideas, as they're easier to work with than the monster numbers
that are the ultimate targets.
Now it can be shown by finding the first cube above 119, which is 125
that
5 = 6^{1/3} mod 17, or mod 7
but a quick search reveals that
8 = 36^{1/3} mod 17, or mod 7
so
8 = 25 mod 17
which gives the factor. The problem is, it looks a lot like chance,
and some quick tries with bigger numbers didn't get me much. But I've
expanded the way I search and it looks more promising.
It's probably a crap idea, but as usual, I'll toss it out on the
Internet.
It's not a crap idea. I've switched methods slightly to get rid of
trivial results and found something that you can find multiples
similar to what I found but they are at bigger and bigger multiples of
the base number.
For instance, I multiplied 119 by 4 to get a number that is near 8^3.
However, for a number like 10403, the multiplier is 140, so that I
have 114 = 21*22^{1/3} mod 101 or 103.
That example doesn't just give me the factor, but I'm in research mode
and I've found that the multiplier increases exponentially, or at
least it looks like it does, but it's *independent* of the factors!!!
That is, I'm tapping into something for which the factors of the
number appear to be irrelevant!
It's odd, but definitely interesting.
It might take a few years to figure it all out.
Unless of course someone out there can explain already. I'd be
curious if anyone can, as it'd save me time. Then again, it's fun
playing with these numbers anyway.
James Harris
"My math discoveries, found for profit"
http://mathforprofit.blogspot.com/ |
|
|
| Back to top |
|
| Virgil |
| Posted: Sat Nov 29, 2003 5:22 pm |
|
|
|
Guest
|
In article <3c65f87.0311291254.506698d9@posting.google.com>,
jstevh@msn.com (James Harris) wrote:
Quote: jstevh@msn.com (James Harris) wrote in message
news:<3c65f87.0311260644.75a011d6@posting.google.com>...
I'm in a desperate situation.
So desperate that JSH is now reduced to quoting himself. |
|
|
| Back to top |
|
| Uncle Al |
| Posted: Sat Nov 29, 2003 6:09 pm |
|
|
|
Guest
|
|
| Back to top |
|
| C. Bond |
| Posted: Sat Nov 29, 2003 8:37 pm |
|
|
|
Guest
|
James Harris wrote:
[snip]
Quote: It might take a few years to figure it all out.
Good. Don't come back until you do.
--
There are two things you must never attempt to prove: the unprovable -- and the obvious.
--
Democracy: The triumph of popularity over principle.
--
http://www.crbond.com |
|
|
| Back to top |
|
| Chris Lipa |
| Posted: Sun Nov 30, 2003 2:22 am |
|
|
|
Guest
|
"Justin Van Winkle" <undergman@hotmail.com> wrote in message news:<VtOdnfBmovU8lliiRVn-gQ@comcast.com>...
Quote: Here's an embarrassing fact:
I took a look at the shortest RSA challenge, and thought, "that doesn't look
TOO big". In high school I wrote a c program that could calculate all the
primes less than 1 billion in about 30 seconds. So let's do a little math.
As an idiot, the best method I personally know how to code is a sort of
seive. So to factor the RSA challenge problem, it would take my computer
(not adjusted for the fact that my simple program would quickly choke since
it uses long int) about:
(the square root of the smallest RSA problem number is about 1.4 * 10^87)
(30 sec / 1 billion) * (1 / 1.4*10^87) * (min / 60 sec) * (hour / 60 min) *
(day / 24 hour) * (year / 365 days)
or about: 1.33 * 10^72 YEARS
think how much the money will be worth when I finally finish! with all the
interest (5%/year) , it will be:
(accourding to maple) 10000*1.05^(1.33*10^72);
Float(infinity)
Easily making me the richest person in the usualverse.
Justin Van Winkle
You calculated the interest the wrong way. You get the money after
you crack the code. So the real question is how much would the
earnings be worth in 2004 dollars, and the answer is next to nothing.
~ Chris |
|
|
| Back to top |
|
| |
Page 2 of 2 Goto page Previous 1, 2
All times are GMT - 5 Hours
The time now is Fri Sep 05, 2008 9:51 pm
|
|