0

I'm currently trying to create a Lua script that can handle encrypting and decrypting using RSA, but when decrypting, the program takes an extremely long time, whilst when encrypting, the program is done within a matter of milliseconds.

Currently, I'm wondering:

  • How many bits should p and q be?
  • How big should pq be?
  • How big should the decryption exponent be?
  • How big should the decryption exponent be in comparison to the encryption exponent?

I can't seem to find any sources on the internet that give a simple, easy-to-understand answer as to the relations between encryption and decryption exponents.

2 Answers

1

How many bits should p and q be?

Half (or near half) the size of the desired key size, which in turn depends on the security in bits that you try to achieve. You could look at the Lenstra equations, but non-mathematicians generally prefer keylength.com.

How big should pq be?

p and q multiplied together is the modulus, and the size of the modulus defines the key size. It's of course the size of p and q added together, and p and q need to have near identical sizes (they are precisely half the size in practice).

How big should the decryption exponent be?

The security of RSA (only) requires the public exponent to be relatively prime with the modulus, so it is often pre-set to a smallish known prime, usually 0x010001 or the fifth prime of Fermat (also known as F4). This makes public key operations fast and makes recalculation of the modulus unlikely. However, it may have any size, from 2 bits (for value 3 usually) to the size of the modulus.

How big should the decryption exponent be in comparison to the encryption exponent?

They are largely unrelated, but both are practically bounded by the size of the modulus.

I can't seem to find any sources on the internet that give a simple, easy-to-understand answer as to the relations between encryption and decryption exponents.

That should make more sense now.

Maarten Bodewes
1
  1. It depends on the level of security your application needs. If the size of the modulus $n$ is $2048$ bits ($617$ decimal digits) then $p$ is a prime of $2048 / 2 = 1024$ bits and $q$ is a prime with almost the same size. Usually $q$ is slightly smaller than $p$ to avoid the Fermat factorization attack [1].
  2. Again, it depends on the level of security needed. A common modulus size is $2048$ bits.
  3. Big. The decrypt exponent $d$ has the same bit size as the modulus $n = pq$.
  4. Big. Typically the public exponent $e = 65537 = 2^{16} + 1$ for efficiency.