LLMpedia: The first transparent, open encyclopedia generated by LLMs

RSA key exchange

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: RSA key exchange
Type: Cryptographic protocol
Invented by: Rivest–Shamir–Adleman
Published: 1977
Field: Public-key cryptography
Related: Diffie–Hellman key exchange, Transport Layer Security, TLS 1.0, Secure Sockets Layer

RSA key exchange is a public-key method for establishing a shared secret between two parties: the sender encrypts a session key under the recipient's public key, and only the holder of the matching private key can recover it. It played a foundational role in early versions of Transport Layer Security and Secure Sockets Layer and influenced practices in Internet Engineering Task Force standards and commercial implementations. The technique builds on the work of Ron Rivest, Adi Shamir, and Leonard Adleman and connects to broader developments in public-key cryptography and applied cryptanalysis.

Overview

RSA key exchange uses the recipient's public key to protect a randomly generated symmetric key, which is then decrypted by the entity holding the corresponding private key. Implementations historically appeared in protocols produced by Netscape Communications Corporation and in specifications from Internet Engineering Task Force working groups such as the TLS Working Group. Deployments in products from Microsoft Corporation, Oracle Corporation, and Apple Inc. integrated RSA-based key transport into stacks used by services at companies like Amazon, Google LLC, and Facebook, Inc. Standards bodies including the National Institute of Standards and Technology and the European Telecommunications Standards Institute documented interoperability profiles and compliance expectations.

Mathematical Foundation

The security premise rests on the difficulty of factoring a large composite number formed from two prime factors, a problem studied in computational number theory and attacked by algorithms such as the General Number Field Sieve and the Pollard rho algorithm. RSA performs arithmetic in the ring of integers modulo n = p·q, relying on Euler's totient function and the properties of modular exponentiation described in texts by Claude Shannon and in algebraic number theory. Key parameters follow recommendations influenced by National Institute of Standards and Technology publications and threat assessments from agencies like the National Security Agency. The underlying hardness assumption contrasts with the problems underlying Diffie–Hellman key exchange and with lattice-based proposals considered by groups such as X.509 and post-quantum research teams at IBM and Google Research.

Protocol Variants and Usage

Variants of RSA key transport include pure RSA-encrypted premaster secrets, as seen in early TLS 1.0, and later hybrid modes that combine RSA with ephemeral schemes, developed in response to forward secrecy requirements advocated by researchers from University of California, Berkeley and Massachusetts Institute of Technology. Profiles employing RSA key exchange appeared in RFCs authored by contributors associated with the Internet Engineering Task Force and were implemented in server software such as Apache HTTP Server and nginx. Commercial VPN products from Cisco Systems and email systems conforming to S/MIME initially supported RSA key transport for session establishment. Modern deployments often prefer alternatives like Elliptic-curve Diffie–Hellman or ephemeral Diffie–Hellman for their better behaviour under key compromise and for Perfect Forward Secrecy, as advocated in guidance from ENISA and academic groups at Stanford University.
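The following example is added here to make the forward-secrecy contrast concrete; it is not code from the original article or from any library the article names. It runs a toy RSA key transport (the Overview's "encrypt a random session key under the public key" step, with n = p·q, Euler's totient and modular exponentiation from the Mathematical Foundation section) beside a toy ephemeral Diffie–Hellman exchange, then shows what an attacker who later obtains the server's long-term private key can recover from a recorded transcript of each. The key sizes, the Mersenne primes used for p and q, the 61-bit Diffie–Hellman modulus and generator 3 are all constructed for illustration and are far below deployable sizes; textbook RSA without padding is used deliberately so the arithmetic stays visible. Requires Python 3.8 or later for `pow(e, -1, m)`.

```python
import hashlib
import secrets

# Constructed toy RSA key pair: p and q are the Mersenne primes 2^107-1 and 2^127-1,
# so n = p*q is about 234 bits. Real key transport used 1024- to 4096-bit moduli;
# these sizes are for illustration only and provide no security.
RSA_P, RSA_Q = (1 << 107) - 1, (1 << 127) - 1
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_PHI = (RSA_P - 1) * (RSA_Q - 1)          # Euler's totient phi(n)
RSA_D = pow(RSA_E, -1, RSA_PHI)              # private exponent: e*d = 1 (mod phi(n))

# Constructed toy Diffie-Hellman group (real TLS uses RFC 7919 groups or curves).
DH_P = (1 << 61) - 1                         # Mersenne prime 2^61-1
DH_G = 3


def rsa_transport_handshake():
    """RSA key transport: the client picks the session secret, encrypts it under the
    server's long-term public key, and the server recovers it with the private key.
    Returns the transcript a passive observer could record, plus the agreed key."""
    session_key = secrets.randbelow(1 << 64)             # 64-bit toy secret, < RSA_N
    ciphertext = pow(session_key, RSA_E, RSA_N)           # textbook RSA (no padding)
    server_view = pow(ciphertext, RSA_D, RSA_N)           # server decrypts
    assert server_view == session_key
    transcript = {"encrypted_session_key": ciphertext}
    return transcript, session_key


def dhe_handshake():
    """Ephemeral Diffie-Hellman: each side picks a fresh exponent for this session only.
    The server's long-term key would merely sign its share (signature omitted here);
    the exponents a and b are discarded when the handshake ends."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    client_share, server_share = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    shared = pow(server_share, a, DH_P)
    assert shared == pow(client_share, b, DH_P)
    session_key = int.from_bytes(
        hashlib.sha256(shared.to_bytes(8, "big")).digest()[:8], "big")
    transcript = {"client_share": client_share, "server_share": server_share}
    return transcript, session_key


def recover_with_compromised_rsa_key(transcript):
    """Later compromise of the server's long-term RSA private key exposes every
    recorded RSA-transport session: the private key decrypts the old transcript."""
    return pow(transcript["encrypted_session_key"], RSA_D, RSA_N)


def recover_with_compromised_signing_key(transcript):
    """With DHE the stolen long-term key only lets one sign new shares; the recorded
    transcript holds g^a and g^b but neither exponent, so the past key is out of reach."""
    return None


def forward_secrecy_demo():
    """Returns whether each recorded session is recoverable after key compromise."""
    rsa_transcript, rsa_key = rsa_transport_handshake()
    dhe_transcript, dhe_key = dhe_handshake()
    return {
        "rsa_transport_recovered": recover_with_compromised_rsa_key(rsa_transcript) == rsa_key,
        "dhe_recovered": recover_with_compromised_signing_key(dhe_transcript) == dhe_key,
    }


if __name__ == "__main__":
    print(forward_secrecy_demo())   # {'rsa_transport_recovered': True, 'dhe_recovered': False}
```

The point the dictionary makes is the one that drove the migration described above: with RSA transport, a single long-term key protects every session ever recorded, so its compromise is retroactive; with an ephemeral exchange the long-term key only authenticates, and the session secret is never transmitted in any form the key can unlock.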

Security Analysis and Attacks

Attacks targeting RSA key exchange exploit weaknesses in padding modes, implementation errors, and advances in factorization. Notable cryptanalytic directions include timing attacks demonstrated by researchers at Brown University and cache-based side-channel analyses reported by teams at University of Pennsylvania and Princeton University. The Bleichenbacher attack, developed by researchers at Technische Universität Darmstadt and Darmstadt Graduate School, exploited PKCS #1 v1.5 padding to perform adaptive chosen-ciphertext attacks against TLS servers, prompting mitigations in OpenSSL and in guidance from CERT Coordination Center. Large-scale factoring projects by consortia with participation from CWI and University of Bonn have driven key-size recommendations by NIST and influenced migration policies in enterprises such as IBM and Microsoft Corporation. Quantum computing efforts at organizations like Google LLC, IBM, and D-Wave Systems motivate transition plans away from RSA-based key transport toward post-quantum alternatives evaluated by the National Institute of Standards and Technology.
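To show what the PKCS #1 v1.5 mitigation mentioned above actually looks like at the logic level, here is an added example (not code from the original article, OpenSSL, or any other library). It implements PKCS #1 v1.5 block-type-2 padding over a toy RSA key, a naive decoder that reports each padding defect separately (the behaviour that hands a peer a padding oracle), and a server-side decoder in the style of the TLS 1.2 countermeasure: padding, length and client version are all checked without early exits, and on any failure a random premaster secret is substituted so the handshake continues and fails later at the Finished MAC, exactly as it would for a wrong guess. Constructed assumptions: the Mersenne-prime key, a premaster length of 8 bytes instead of TLS's 48, and the version bytes 0x0303; the comparisons shown are not constant-time, which a production implementation also has to address. Requires Python 3.8 or later.

```python
import secrets

# Constructed toy RSA key (Mersenne primes 2^107-1 and 2^127-1; not a secure size).
P, Q = (1 << 107) - 1, (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8      # modulus length in bytes (30 for this toy key)

CLIENT_VERSION = b"\x03\x03"       # version the client offered (TLS 1.2), constructed
PMS_LEN = 8                        # toy premaster length; TLS uses 48 (2 version + 46 random)


def client_premaster() -> bytes:
    """TLS-style premaster secret: client_version followed by random bytes."""
    return CLIENT_VERSION + secrets.token_bytes(PMS_LEN - 2)


def pkcs1_v15_pad(msg: bytes) -> bytes:
    """EME-PKCS1-v1_5 block type 2: 0x00 0x02 || PS (>= 8 non-zero random bytes) || 0x00 || M."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg


def rsa_raw(block: bytes, exponent: int) -> bytes:
    """Textbook RSA on a K-byte block (encrypt with E, decrypt with D)."""
    return pow(int.from_bytes(block, "big"), exponent, N).to_bytes(K, "big")


def rsa_encrypt(msg: bytes) -> bytes:
    return rsa_raw(pkcs1_v15_pad(msg), E)


def unpad_leaky(em: bytes) -> bytes:
    """Naive decoder: every defect raises a distinct error. A server whose error,
    alert or timing differs per branch gives the peer a padding oracle of the kind
    the Bleichenbacher attack relies on. Kept only to contrast with the decoder below."""
    if em[0] != 0 or em[1] != 2:
        raise ValueError("bad block type")
    sep = em.find(b"\x00", 2)
    if sep == -1 or sep < 10:
        raise ValueError("padding string too short or missing separator")
    return em[sep + 1:]


def server_decrypt_premaster(ciphertext: bytes) -> bytes:
    """Countermeasure in the style of RFC 5246 section 7.4.7.1: always return a
    PMS_LEN-byte secret. All checks run without early exits, and on any failure
    the pre-generated random fallback is used, so the handshake proceeds and
    fails at the Finished MAC indistinguishably from a wrong key."""
    fallback = secrets.token_bytes(PMS_LEN)        # generated before any check, always
    em = rsa_raw(ciphertext, D)
    sep = em.find(b"\x00", 2)
    candidate = em[sep + 1:] if sep != -1 else b""
    ok = (em[0] == 0) & (em[1] == 2)
    ok &= sep >= 10                                # at least 8 bytes of PS
    ok &= len(candidate) == PMS_LEN
    ok &= candidate[:2] == CLIENT_VERSION
    return candidate if ok else fallback


def compare_decoders(ciphertext: bytes) -> dict:
    """What each decoder exposes for one ciphertext: the leaky decoder's error text
    (None if it accepted) and the fixed output length of the mitigated decoder."""
    em = rsa_raw(ciphertext, D)
    try:
        unpad_leaky(em)
        leaky_error = None
    except ValueError as exc:
        leaky_error = str(exc)
    return {"leaky_error": leaky_error,
            "mitigated_output_len": len(server_decrypt_premaster(ciphertext))}
```

Two inputs are worth trying: a block with type byte 0x01 instead of 0x02, which the leaky decoder names in its error while the mitigated decoder answers with a random secret of the right length, and a correctly padded message of the wrong length, which the leaky decoder accepts (leaving the length check to later code and so producing a different failure path) while the mitigated decoder rejects it in the same uniform way.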

Implementation Considerations

Practical use requires careful handling of key generation, padding (PKCS #1, OAEP), random number generation from sources like Linux kernel entropy subsystems, and side-channel resistant coding as advised by cryptographic libraries such as OpenSSL, BoringSSL, LibreSSL, and GnuTLS. Interoperability matrices managed by IETF working groups and test suites from Mozilla and OWASP influenced default cipher suite selections in web servers and browsers including Mozilla Firefox and Google Chrome. Compliance regimes from Payment Card Industry and standards from ISO guide parameter choices, while hardware acceleration via modules from Intel Corporation and ARM Holdings and HSMs by Thales Group affect performance and key protection. Key lifecycle management practices promulgated by NIST and enterprise vendors address rotation, revocation, and backup considerations.

Historical Development and Adoption

RSA key transport emerged after the 1977 publication by Rivest–Shamir–Adleman and entered commercial use in the 1990s with Netscape Communications Corporation and in early Secure Sockets Layer deployments that shaped web commerce involving merchants and payment systems. Subsequent standardization work at the Internet Engineering Task Force and inclusion in X.509 certificates supported adoption by certificate authorities such as VeriSign and later entities like Let's Encrypt. Cryptanalytic milestones by researchers at institutions including Massachusetts Institute of Technology and École Normale Supérieure and policy shifts driven by NIST guidance led to evolving key size requirements and eventual preference for ephemeral key agreement in modern TLS versions. Current transitions reflect contributions from university labs, corporate research groups, and international standards organizations.

Category: Public-key cryptography