A Comparative S-Index in Factoring RSA Modulus via Lucas Sequences

Authors

  • Nur Azman Abu
  • Shekh Faisal Abdul-Latip
  • Muhammad Rezal Kamel Ariffin
Abstract

General Lucas sequences are practically useful in cryptography. Over the past quarter century, factoring a large RSA modulus into its primes has been one of the most important and most challenging problems in computational number theory. A factoring technique on an RSA modulus is mainly hindered by the strong prime properties. The success in factoring a few large RSA moduli within the last few decades has been due to computing prowess overcoming one strong prime of the RSA modulus. In this paper, some useful properties of Lucas sequences are explored in factoring an RSA modulus. This paper introduces the S-index formation in solving a quadratic equation modulo N. The S-index pattern is very useful in designing an algorithm to factor an RSA modulus. At any instance in the factoring algorithm, the accumulative result stands independently. In effect, there is no clear direction to maneuver, whether to go left or right. The S-index adds another comparative tool to better maneuver in a factoring process. On one hand, it remains a theoretical challenge to overcome the strong prime properties. On the other hand, it remains a computational challenge to achieve a polynomial running time to factor an RSA modulus. This paper proposes an avenue to do both using general Lucas sequences.

INTRODUCTION

General Lucas sequences have made a significant contribution to the field of cryptography. The Lucas sequence V has been proposed for use in a public key cryptosystem (Smith and Lennon, 1994), in a manner similar to the famous RSA (Rivest et al., 1978), but using Lucas sequences modulo a composite number instead of exponentiation. It has been stipulated to have the same security level as RSA for the same key size, but is about twice as slow. A special Lucas sequence has been used to directly factor pseudoprimes, especially Carmichael numbers (Abu et al., 2004). An efficient computation of general Lucas sequences can be found in (Joye and Quisquater, 1996).
Zhenxiang Zhang has shown how to factor an RSA modulus into its primes near both multiples of group orders P−1 or P+1 and respectively Q−1 or Q+1 using Lucas sequences. The asymmetric key GM cryptosystem was developed by Shafi Goldwasser and Silvio Micali in 1982. It is semantically secure based on the intractability of the quadratic residue problem modulo N = PQ, where P and Q are large primes. The difficulty of decrypting the ciphertext without the key pair (P, Q) is solely based on a comparative interactive challenge on whether a given ciphertext c is a quadratic residue modulo N when the Jacobi symbol for c is +1.

The non-positional nature of Residue Number Systems (RNS) is very efficient in a single arithmetic computation without any hassle of carry propagation. Unlike the common index number system, RNS has a drawback in comparison. There is no easy general method for magnitude comparison in RNS. This inability to determine which of two numbers is larger makes it difficult to operate on large moduli efficiently, especially in the field of cryptography (Sousa, 2007). The magnitude comparison in RNS is equivalent to the Comparative S-Index in this paper.

CRITERIA OF STRONG RSA PRIMES

Let N be the product of two primes, P and Q. It may be desirable to use strong primes for P and Q. These are prime numbers with certain properties that make the product N difficult to factor by known factoring methods. The selection of P and Q as strong primes was recommended, prior to the year 2000, as a way to safeguard against the well-known classical factoring algorithm (Rivest and Silverman, 2001). However, these basic strong prime criteria are independently imposed on P or Q. Among the properties of a strong RSA modulus N = PQ are the following.

Criterion 1: P−1 and P+1 each contain a large prime factor. Let P−1 =        k P P P 1 0  and P+1 =        k P P P 1 0  . The largest prime factors   k P and   k P should be larger than 256-bit for 512-bit P.
Criterion 2: Q−1 and Q+1 each contain a large prime factor. Let Q−1 =        k Q Q Q 1 0  and Q+1 =        k Q Q Q 1 0  . Respectively, the largest prime factors   k Q and   k Q should be larger than 256-bit for 512-bit Q.

Criterion 3: Recursively, for each largest factor, 1    k P and 1    k P must also contain a large enough prime factor, namely,     k P and     k P following the notation in (Rivest and Silverman, 2001).

Criterion 4: Each largest factor of the prime 1    k Q and 1    k Q must also contain a large enough prime factor, namely,     k Q and     k Q respectively.

Factoring the RSA modulus N is well known to be infeasible. Recently, (Boudaoud, 2009) explored another practical approach to surmount this major difficulty by finding the factorization of an integer in a small neighborhood of N instead of N. (Bakhtiari and Maarof, 2012) pointed out that there is more than one decryption key (d, N) for a given RSA encryption key (e, N). However, the distance between them is lcm(P−1, Q−1), which is ruled by the basic strong prime criteria.

Let an elliptic curve be the set of points

$$E(a, b) = \{ (x, y, z) : y^2 z \equiv x^3 + a x z^2 + b z^3 \pmod{p} \}$$

By the end of the century, it had been noted to be useless to concentrate on strong primes. It is unnecessary to protect against factoring attacks by building large prime factors into P−1 or P+1, since the adversary can instead attempt to overcome them by finding an elliptic curve E(a, b) whose size $P + 1 - 2\sqrt{P} \le |E(a, b)| \le P + 1 + 2\sqrt{P}$ is smooth (Rivest and Silverman, 2001).

GENERAL LUCAS SEQUENCES

Given integer parameters p > 2 and q > 0, the general Lucas sequences give rise to two functions similar to exponentiation, namely $U_n$ and $V_n$:

$$U_0 = 0, \quad U_1 = 1, \quad U_n = p \cdot U_{n-1} - q \cdot U_{n-2}$$
$$V_0 = 2, \quad V_1 = p, \quad V_n = p \cdot V_{n-1} - q \cdot V_{n-2}$$

Calculating an element of a Lucas sequence can be done in a very similar pattern to exponentiation using a power modulo operation.
It may be helpful to think of p as the base and the index n as the exponent. The closed forms of the general Lucas sequences are:
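As an added example (not code from the paper), the Python below evaluates the recurrences for U_n and V_n modulo N by scanning the bits of the index n, in the same pattern as square-and-multiply exponentiation, and checks the result against the plain recurrence. The function names `lucas_naive`, `lucas_uv` and `zero_index`, the standard index-doubling identities used, and the toy primes 101 and 103 are assumptions made for illustration; `zero_index` shows why the indices P−1 and P+1 from the strong prime criteria are the ones that matter for a given prime P.

```python
"""Lucas sequences U_n, V_n modulo N (added illustration, not the paper's code)."""

def lucas_naive(p, q, n, N):
    """U_n, V_n mod N straight from the recurrences: O(n) steps."""
    u0, u1 = 0, 1 % N
    v0, v1 = 2 % N, p % N
    for _ in range(n):
        u0, u1 = u1, (p * u1 - q * u0) % N
        v0, v1 = v1, (p * v1 - q * v0) % N
    return u0, v0

def lucas_uv(p, q, n, N):
    """U_n, V_n mod N in O(log n) steps, scanning the bits of n like
    square-and-multiply. Invariant: (uk, uk1) = (U_k, U_{k+1})."""
    if n < 0 or N < 1:
        raise ValueError("need n >= 0 and N >= 1")
    uk, uk1 = 0, 1 % N
    for bit in bin(n)[2:]:
        u2k = uk * (2 * uk1 - p * uk) % N        # U_2k   = U_k (2 U_{k+1} - p U_k)
        u2k1 = (uk1 * uk1 - q * uk * uk) % N     # U_2k+1 = U_{k+1}^2 - q U_k^2
        if bit == "1":                           # k -> 2k + 1
            uk, uk1 = u2k1, (p * u2k1 - q * u2k) % N
        else:                                    # k -> 2k
            uk, uk1 = u2k, u2k1
    return uk, (2 * uk1 - p * uk) % N            # V_n = 2 U_{n+1} - p U_n

def zero_index(P, p, q):
    """For an odd prime P not dividing q(p^2 - 4q): the index P - (D/P),
    i.e. P-1 or P+1, at which U vanishes modulo P."""
    D = (p * p - 4 * q) % P
    legendre = pow(D, (P - 1) // 2, P)           # Euler's criterion: 1 or P-1
    if legendre == 0 or q % P == 0:
        raise ValueError("P divides q or the discriminant")
    return P - 1 if legendre == 1 else P + 1

if __name__ == "__main__":
    # Constructed toy values: p = 3, q = 1 and the small primes 101, 103.
    for P in (101, 103):
        n = zero_index(P, 3, 1)
        print(P, n, lucas_uv(3, 1, n, P))        # U_n is 0 modulo P
```
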


Similar resources

A Public-Key Cryptosystem Based on Lucas Sequences

Based on Lucas functions, an improved version of Diffie-Hellman key distribution, El Gamal public key crypto-system scheme and El Gamal signature scheme are proposed, together with an implementation and computational cost. The security relies on the difficulty of factoring an RSA integer and on the difficulty of computing the discrete logarithm. Introduction In [1], Diffie and Hellman introduce...


The Discrete Logarithm Problem for Lucas Sequences and a New Class of Weak

Let n be an RSA modulus, that is, n = pq, where p, q are two large primes. We define the discrete logarithm problem for Lucas sequences and show that solving the discrete logarithm problem for Lucas sequences modulo n gives a polynomial factorisation algorithm. Let d = |q − p|. We calculate m and Vd(m; 1) mod n in polynomial time and then solve for d in O(~ d 1 2 +) time where ~ d is an upper esti...


Factoring Estimates for a 1024-Bit RSA Modulus

We estimate the yield of the number field sieve factoring algorithm when applied to the 1024-bit composite integer RSA-1024 and the parameters as proposed in the draft version [17] of the TWIRL hardware factoring device [18]. We present the details behind the resulting improved parameter choices from [18].


Factoring RSA Moduli with Weak Prime Factors

In this paper, we study the problem of factoring an RSA modulus N = pq in polynomial time, when p is a weak prime, that is, p can be expressed as ap = u0 + M1u1 + . . . + Mkuk for some k integers M1, . . . ,Mk and k+2 suitably small parameters a, u0, . . . uk. We further compute a lower bound for the set of weak moduli, that is, moduli made of at least one weak prime, in the interval [2, 2] and...


Improved Factoring of RSA Modulus

In 1999, the 512-bit number of 155 digits taken from the RSA Challenge list was first factored by the General Number Field Sieve. This work was done on a supercomputer and about 300 PCs or workstations by 17 experts all over the world. The calendar time for the factorization was over 6 months. Based on the open source GGNFS, we improved its algorithms and implementations. Now the 512-bit RSA mo...



Journal title:
  • IACR Cryptology ePrint Archive

Volume 2016  Issue

Pages  -

Publication date 2016