Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!pyrnj!esquire!cmcl2!lanl!jlg
From: jlg@lanl.UUCP
Newsgroups: sci.crypt
Subject: Re: Security of RSA and factoring
Message-ID: <11493@lanl.ARPA>
Date: Fri, 16-Jan-87 16:43:40 EST
Article-I.D.: lanl.11493
Posted: Fri Jan 16 16:43:40 1987
Date-Received: Sat, 17-Jan-87 15:40:24 EST
References: <9041@duke.duke.UUCP> <4205@columbia.UUCP>
Reply-To: jlg@a.UUCP (Jim Giles)
Organization: Los Alamos National Laboratory
Lines: 17

In article <4205@columbia.UUCP> eppstein@tom.columbia.edu (David Eppstein) writes:
>In <9041@duke.duke.UUCP>, srt@duke.UUCP (Stephen R. Tate) writes:
>> Namely, breaking the RSA protocol has the same complexity as factoring
>> a very large number.  The fastest computer available today would take
>> several billion years to factor such a large number, giving the security
>> of the system.
>
>This has not to my knowledge been proven.  What is true is that the
>only known method of breaking RSA involves factoring huge numbers, but
>that is not to say that there is not some other undiscovered method.
>There are cryptosystems which have been proven equivalent to
>factoring, but I don't think RSA is one of them.
>-- 

The original MIT paper on RSA contained a proof that any transformation
which decripts an RSA code will also contain the factors of the modulus
(perhaps implicitly).