The security of RSA encryption depends on the difficulty of factoring the product of two large primes. If you can factor large numbers efficiently, you can break RSA. But if can break RSA, can you factor large numbers?
Sorta. It’s conceivable that there is a way to break RSA encryption without having to recover the private key. But if you can recover the private key, then you can factor efficiently. That is, if you can start with a public key (N, e), where N is the modulus and e is the encryption key, and recover the private key d, then you can efficiently factor N. See “Fact 1” in [1].
Let n = log2 N. Then the algorithm alluded to above can be run in O(n³) time. But the best known factoring algorithms take more than O(exp(√n)) time.
Suppose you’re working with RSA with 3072-bit keys. Then n = 3072 and n³ ≈ 3 × 1010 and exp(√n) ≈ 10667.
Related posts
[1] Dan Boneh. Twenty Years of Attacks on the RSA Cryptosystem. Available here.