RSA
cryptographyFull Name: Rivest-Shamir-Adleman
Definition
RSA (Rivest-Shamir-Adleman) is a public-key cryptosystem that enables digital signatures, key exchange, and encryption based on the mathematical difficulty of factoring the product of two very large prime numbers. First described publicly in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT, RSA became the foundation of modern public-key infrastructure (PKI) and remains one of the most widely deployed cryptographic algorithms in the world. In RSA, a user generates a pair of mathematically related keys: a public key (shared openly) and a private key (kept secret). Data encrypted with the public key can only be decrypted with the private key, and signatures created with the private key can be verified using the public key. In the EUDI Wallet ecosystem, RSA plays a supporting role in the trust infrastructure, primarily through X.509 certificates, qualified electronic signatures from existing Trust Service Providers, and backward compatibility with the established eIDAS framework, while newer wallet-native operations increasingly rely on the more efficient elliptic curve cryptography.
How RSA Works in Digital Identity Infrastructure
RSA key generation begins with the selection of two large prime numbers (typically 1024 bits each for a 2048-bit key), which are multiplied together to produce a modulus. The security of RSA relies on the fact that while multiplying two large primes is computationally trivial, factoring the resulting product back into its prime components is extraordinarily difficult with current technology. The public key consists of the modulus and a public exponent (commonly 65537), while the private key includes the modulus and a private exponent derived from the prime factors.
For digital signatures (the primary RSA operation in the EUDI Wallet context), the signer computes a hash of the message using a secure hash algorithm like SHA-256, then raises this hash to the power of the private exponent modulo the modulus. The result is the RSA signature. A verifier can confirm the signature by raising it to the power of the public exponent and comparing the result to the independently computed hash of the message. If they match, the signature is valid, proving that the message was signed by the holder of the private key and has not been altered.
In the EUDI Wallet trust chain, RSA signatures appear primarily in X.509 certificates issued by Qualified Trust Service Providers and Certificate Authorities. When the wallet verifies a credential, it may need to validate a certificate chain from the credential issuer's certificate up to a trusted root certificate in the EU Trusted Lists. Many of these root and intermediate certificates still use RSA signatures, requiring EUDI Wallet implementations to support RSA verification even if the wallet's own keys use elliptic curves.
RSA in the EUDI Wallet Trust Infrastructure
The existing European trust infrastructure built under eIDAS 1.0 heavily relies on RSA cryptography. Qualified Trust Service Providers across EU member states issue qualified electronic signatures and seals using RSA keys, and the EU Trusted Lists contain root certificates that use RSA signature algorithms. The EUDI Wallet must interoperate with this established infrastructure while transitioning toward more modern cryptographic algorithms.
When a user receives a qualified electronic attestation of attributes (QEAA) signed by a Trust Service Provider using an RSA key, the wallet must be able to verify that RSA signature to confirm the credential's authenticity. Similarly, when the wallet encounters an X.509 certificate chain where intermediate or root certificates use RSA, it must perform RSA signature verification at each level of the chain. This backward compatibility requirement means that even wallet implementations that exclusively use elliptic curves for their own operations must include RSA verification capabilities.
The transition from RSA to elliptic curve cryptography in the EUDI Wallet ecosystem is happening gradually. New Trust Service Providers are encouraged to use ECDSA or EdDSA for their signing keys, and the EUDI Wallet Architecture Reference Framework specifies elliptic curve algorithms for wallet-native operations. Over time, as the existing RSA-based trust infrastructure certificates expire and are renewed with elliptic curve keys, the reliance on RSA within the EUDI ecosystem will diminish, though support for RSA verification will likely be maintained for many years.
Post-Quantum Considerations for RSA and EUDI Wallets
A significant long-term concern for RSA in the EUDI Wallet ecosystem is the potential threat from quantum computing. A sufficiently powerful quantum computer running Shor's algorithm could factor RSA moduli efficiently, breaking the security of all RSA key sizes currently in use. While such quantum computers do not yet exist, the long operational lifetime of digital identity infrastructure means that credentials and trust chains established today may need to remain secure for decades.
The European Commission and ENISA are actively monitoring the quantum computing threat and developing migration strategies for post-quantum cryptography. The EUDI Wallet architecture is designed with cryptographic agility in mind, allowing the underlying algorithms to be updated without requiring fundamental changes to the wallet architecture or credential formats. This agility will be essential when the time comes to migrate from both RSA and current elliptic curve algorithms to quantum-resistant alternatives such as CRYSTALS-Dilithium or FALCON for digital signatures.
In the interim, some EUDI Wallet implementations may adopt hybrid signature schemes that combine classical algorithms (RSA or ECDSA) with post-quantum algorithms, providing security against both current and future threats. This approach allows the ecosystem to begin building post-quantum readiness while maintaining full compatibility with the existing trust infrastructure that relies on RSA and elliptic curve cryptography.