It's fairly large. There are bigger ones.
But it's a nice big number, yep.
And it's a particular number, it's a number I've had
some association with, you might say.
This number is 129 decimal digits long,
so it's probably more than your calculator can handle easily.
Although maybe these days calculators are getting pretty smart.
But it's something a computer could work with easily,
and in fact computers have, and might have good reasons to work with them.
This number has a history that goes back to the late '70s.
We created this number as a challenge.
I don't remember the number, I haven't memorized it.
So if you'd like I could read you a few of the digits. So, 114...
3816257578888 (That's four eights in a row) 676692...
357799761466 [deep breath] 120
Brady: "Haha, alright."
1021829
That's the first line.
Brady: "How does it end?"
And it goes on for a while and it ends 879543541.
So 129 digits all together.
We didn't read them all, but
they're posted on my website if you want to see them.
They'll be in the description of the video,
and this number has a name as well, so it's got a
much shorter name than the number itself.
It's sometimes called RSA-129 because it has
a hundred and twenty nine digits.
So RSA, those are the initials of three of us that worked on a
interesting cryptographic system back in the '70s.
R is my first initial of my last name.
S is for Adi Shamir and A is for Len Adleman.
And the three of us invented a particular cyrptographic
system that's based on big numbers like the one you just heard.
So where does this number come from?
This number we created as part of an experiment to
challenge, to find out more about the
security of the cryptographic scheme
that we proposed. The scheme that we proposed was
based on products of large prime numbers.
So this number has an interesting property,
it's the product of a large prime number p
and another large prime number q.
And you multiply those two prime numbers together and you get this
number RSA-129.
So that's why it was created, and we created it
secretly choosing p, secretly choosing q.
In fact we forgot how we created p
and how we created an q. Nobody should have
known, and not even us actually
after the number was created, what those
numbers p and q were. They where multiplied
together, they're uniquely determined by
the product. There is only one p and one q that
multiply together to give this number.
But the security of the cryptographic
scheme that we proposed depends on
assumptions like that, that nobody should be
able to find out a p and a q from the product p times q.
Brady: "Who generated the number? It was you, wasn't it?"
Yes, Adi and Len and I did that.
We generated the number, we rolled some dice,
we generated some random numbers
and we multiplied on some prime numbers that
were near the initial numbers we
generated and then multiplied them together.
So we generated them, maybe in my
subconscious somewhere it's there.
I doubt it.
Brady: "But you didn't write them down on a scrap of paper?"
We didn't write them down, no.
Brady: "Why not? Why didn't you keep them in a safe or something
so you knew the answer to the puzzle?"
Well if the puzzle gets
solved then we will find out the p and the q,
and if the puzzle didn't get solved, that's fine.
Why risk having it get stolen or something if somebody broke
into my wallet or wherever I would keep those numbers?
Finding a prime number is not
that hard actually. I mean you just
need to find big numbers, and finding big
numbers isn't that hard. Big random numbers
aren't so hard you can roll some dice
or use other methods.
So we can take some big random
numbers and then you can see is that
number prime? Well maybe not, maybe it's even
so it's obviously not prime.
So maybe you can add 1 to it, and see if that number is prime.
And there's an easy test for primarily which I
don't need to go into here.
But it's easy to test if a number's prime. And so you can
just search a little bit, and primes are
actually quite common. So it doesn't take
much time to find a large prime number.
And then you got your number p and you can do the
same thing start it with a different
starting point to find your number q.
And then you've got a big prime number p and a big prime number q.
RSA was a response to an open
problem posted by Diffie and Hellman.
Diffie and Hellman had this idea that you could have
a way of doing cryptography called public key cryptography
where you could tell somebody
how to encrypt without telling them how to decrypt.
So the idea of RSA is that the
core difficulty that you give an
adversary is the product of factoring a large number.
And so you might choose two
large prime numbers, multiply them
together and post that as your public key.
So if I'm sending a message to you
using your public key, and you've got
posted as your public key the product of two prime factors
you do yourself need to know those two
prime factors in order to do the decryption effectively.
So you'd keep those secret.
That's your secret key.
You don't tell anybody. You need those to decrypt.
In the case of this challenge we
weren't decrypting messages sent to us,
so we didn't need to record the factors.
But in practice with RSA
you'll need to have one party who knows
the prime factors and everybody else who knows
just the public key, the product of those two prime factors.
We came up with the idea and
it seemed to work. It seemed to have the right kind of properties.
It gave the ability to post
a public key in such a way that
nobody could figure out how to decrypt
something that was encrypted with that public key.
But there's a missing piece then, and still now, to some extent.
We don't really know how hard factoring
the products of two large prime numbers is.
And so we set out a challenge.
And that was the first challenge. Actually there was
many more challenges later.
A whole ladder and sequence of challenges, but RSA-129 was the first one.
And we said, you know, this we think is a hard problem.
We don't think you'll be able to solve that.
We put an estimate in a column,
actually, that Martin Gardner wrote about this,
estimating it would take
40 quadrillion years to factor this
particular product, RSA-129, and we
offered a hundred dollars to anybody who
could do it. And the goal there was just
to learn about the difficulty of factoring.
If somebody could factor it, we'd say, well,
you're off, Rivest and Shamir and Adleman, as to how hard
factoring is. Maybe it's easier than you thought.
And so we offered a hundred dollar prize.
So at the time, it was an open problem,
and still is an open problem as to how hard it is.
It was poorly studied at the time.
There were some papers published.
Not like now. After RSA
factoring has become an object of much
more study. But before then it was
more of a curiosity, and a few
people studied it. So we had to search
around to find people who had thought about
factoring. But it seems to be hard.
There were no good algorithms.
It's also the case that RSA is flexible in the sense that you
can choose prime numbers of any length
and build an RSA modulus that way.
So you can build numbers of products of
250 digit primes, or 200 digit primes, or
200 digit primes, or whatever you like.
You can make it much more challenging for
the adversary by choosing the primes large,
larger, so it seemed like factoring
would be a good foundation,
and the question really is, how big should the primes be chosen?
So with RSA-129 it sat there for quite a while.
I mean we had that number was published
in the late '70s. During the
'80s, not much happened.
Computers started getting faster. The internet
started happening. In the early '90s
the web happened, you know, but that
number was just sitting there, and
seemingly ignored for a long time.
But then in '94 a team of researchers came up with a factorization.
And they used the increases in computer speed to factor
the number. They use the internet to get
a team of people all over the planet to
factor the number. They used better
algorithms to factor the number.
And after a lot of work they were able to
produce the two prime factors that when
multiplied together gave RSA-129.
And that was what a shock to us.
Brady: "Was it? I mean, if everyone's working on the one
specific case, I would have thought maybe it
would be easier to crack, if all
the people were looking at the one number."
You can sort of predict the growth of
technology. So the the speed of computers
you can predict. The amount of, the number
of computers you can get together to
work on a problem you can predict pretty well.
What you don't know how to predict so well
is the better, the improvement
in algorithms. And that's really what the key was here.
Better algorithms.
Brady: "Did this, like, undermine anything?
Or, like, where had the technology, where had cryptography
gone since then?"
Cryptography had evolved tremendously since then.
It was, it was a surprise to us.
It didn't mean that RSA was in any way disabled or dead,
it just meant that numbers of that size shouldn't be used.
Those numbers were too short. The primes were too short.
And that was the lesson there.
And that was one of the things we wanted to learn from this
challenge. Is that a reasonable size to use,
or do you need to use larger numbers?
People still use RSA, they just use larger numbers than this now.
So, instead of a 129 digit number
they might use a 200 decimal digit number
or a 300 decimal digit number, say.
So larger numbers seem to be immune
from these kinds of attacks, still.
So we had offered a hundred dollars
for the factoring of this, and so we had to pay up. And we did.
So, we wrote a cashier's check for a hundred dollars,
and then gave it to the team of
Derek Atkins, Michael Graff, Arjen Lenstra and Paul Leyland
were the team that led this,
there were many other people were involved as well,
and so we wrote a hundred dollar cashier's check for them.
At the time I thought it
was probably, and maybe still is, the
cheapest purchase of lots and lots of
computer time ever.
So it really, a hundred dollars for
that much computing time was really quite a coup I thought.
How do you feel about quantum computing?
So quantum computing seems to be
coming along, people keep working on it,
there's quite a bit of money involved on
the research side of things. I would love
to see it fall flat on its face and
not work at all. It would be the demise
of RSA should quantum computing happen.
Let's say you're the bank and you give
out two numbers, they're public, so everyone
can know them, they're not secret numbers
and everyone can know them, and we choose the number three and the number ten.
The bank also have a secret number...
