Junxin has always known that Professor Pelly is a very punctual person, just like a mechanical watch, what to do at what time, not a single penny, very little free time. So Junxin is very grateful to him for being able to squeeze out half an hour to talk to him and roughly accept his paper. So when the time was up, he didn't keep it according to Chinese customs, but sent him to the door, and after watching him get into the car, he returned to this reception room. Tonight, he was going to receive not a group, but three other people.

However, Junxin is more fortunate that the next time is relatively generous, so he doesn't have to pay full attention to Professor Paley's every move as he did when communicating with Professor Paley, and it doesn't necessarily have any effect, because after the whole conversation, the initiative of the words is still with Professor Paley.

In less than ten minutes, Ronald Leevest, Adi Samor, and Leonard Aardman, who had agreed upon, hurried here.

Without waiting for Junxin to ask, Levist, who was the leader of the three, couldn't wait to say: "Dear sir, according to the respected Professor Quelen of the Department of Mathematics, you have found some errors and omissions in the RSA public key developed by the three of us, is this true?" ”

Junxin could understand his thoughts, so he didn't waste any time, and nodded directly, "That's right, the RSA code does have a little flaw, although it's not obvious now, but when I was researching, I still noticed some special situations." ”

"Can you tell us what you think?" Leonard, who was wearing glasses, asked.

Jun Xin nodded and said, "I just have time now, so I'll briefly say what I think." ”

"Please!"

"The RSA public key consists of three parts, one is the key length, and the remaining two are a pair of related numbers. When generating keys, a probabilistic algorithm is first used to verify that a randomly generated large integer is prime, which is faster and can eliminate most non-prime numbers. If a number passes this test, then use an exact test to ensure that it is indeed a prime number. ”

"What do you mean is that the shortcoming of the RSA algorithm lies in the fact that it is the generator of random prime numbers, and Nader lifted his glasses and asked with a serious expression.

"Yes, for generating random large prime numbers, the algorithm for finding the prime numbers needs to not be able to give any information to the attacker, so the software that generates random numbers must be very good. The requirements are random and unpredictable. Of course, these two requirements are not the same. A random process may produce a series of unrelated numbers, but if someone can predict or partially predict the series, then the random program is no longer reliable. For example, there are some very good random number algorithms, but they have been published, so they can't be used, because if an attacker can guess half of two prime numbers, they can already easily calculate the other half. Junxin explained, but in his opinion, these things were completely scripted.

"So, what about your approach?" Samor, who had not spoken, suddenly asked.

Jun Xin raised his eyebrows and said, "Strictly speaking, I don't have anything I can do. In fact, when I was doing statistical calculations, I discovered the shortcomings of the RSA public key algorithm. I've found that no matter how much I try to change the algorithm to change the way random large prime numbers are generated, there is always the problem that 27,000 public keys out of 7 million experimental samples are not theoretically randomly generated. That is, someone may be able to find out the secret prime number that produces the public key. While I've found that the vast majority of public keys are theoretically generated, two out of every 1,000 public keys are safeguarded. This gives great convenience to the attackers. ”

"How did you do that?" Levest asked.

"I came across the relevant papers published by the three of you in computer journals, and after research, I became interested in the algorithm of factor decomposition of large prime numbers that you use, so after studying computer theory for a period of time, I tried to write several algorithms that can produce random large prime numbers, and I always found this problem after using the electronic computer of the Institute for Advanced Study in Princeton for data processing. These are some of the algorithms and judgment reports issued by the computer that I listed when I was doing the relevant calculations! ”

As he spoke, Junxin handed the report of the calculation algorithm code and computer judgment that he had kept at hand for a long time to Leonard, who was closest to him. "As for the algorithm, I have verified it by the computer, and there is no problem so far, at least when I use these large prime numbers, but the results still have unchangeable deviations, which really surprises me," he explained. ”

"There is indeed such a problem, when we are researching, we only consider the problem of the algorithm itself, and do not look at the statistical problems outside the algorithm, which is our mistake." Levest said apologetically.

Junxin shook his head and said, "As far as I know, the problem inherent in RSA public keys comes from the most useful feature of the public key cryptography - the ability for everyone to use the public key. However, this problem cannot be solved algorithmically, and there are two main measures: one is to adopt a good public key protocol to ensure that the entity does not decrypt the information arbitrarily generated by other entities in the process of work, and does not sign the information that it knows nothing about; The other is to never sign random documents sent by strangers, and use the One-WayHashFunction to HASH the document first, or use different signature algorithms at the same time. ”

So I don't think that statistical problems are unavoidable, or that there is always a way to address the risks posed by insecure passwords. But now the question is: what about the RSA public key outside of the algorithm? Junxin shook his head and said.

"That's what we've been working on recently!" After listening to Junxin's words, Levest finally began to come up with dry goods, "But I think you're selling your quantum communication problem to us, right?" ”

"Mr. Shannon has proposed that a secret is the most secure way, theoretically because of the special nature of quantum, there is indeed no situation where it is not detected by being monitored, but after all, quantum communication technology is only a temporary concept, it still exists in the concept, and it is impossible to use it in communication in a short period of time, so a relatively secure communication encryption method is necessary, and indeed, in today's world, there is no communication that is more secure than RSA, so it must be used, We're going to have to figure out how to make some changes to the RSA, don't you think? ”