Note on Integer Factoring Methods IV
This note continues the theoretical development of deterministic integer
factorization algorithms based on systems of polynomial equations. The main
result establishes a new deterministic time complexity benchmark in integer
factorization. Comment: 20 Pages, New Versio
Recovering zeros of polynomials modulo a prime
Let be a prime and the finite field with elements. We show how, when given an irreducible bivariate polynomial and an approximation to a zero, one can recover the root efficiently, if the approximation is good enough. The strategy can be generalized to polynomials in the variables over the field . These results have been motivated by the predictability problem for nonlinear pseudorandom number generators and other potential applications to cryptography
Notes on Small Private Key Attacks on Common Prime RSA
We point out critical deficiencies in lattice-based cryptanalysis of common
prime RSA presented in "Remarks on the cryptanalysis of common prime RSA for
IoT constrained low power devices" [Information Sciences, 538 (2020) 54-68].
To rectify these flaws, we carefully scrutinize the relevant parameters
involved in the analysis during solving a specific trivariate integer
polynomial equation. Additionally, we offer a synthesized attack illustration
of small private key attacks on common prime RSA. Comment: 15 pages, 1 figur
A strategy for recovering roots of bivariate polynomials modulo a prime
Let be a prime and \F_p the finite field with elements.
We show how, when given an irreducible bivariate polynomial f \in \F_p[X,Y] and approximations
to (v_0,v_1) \in \F_p^2 such that , one can recover efficiently, if the approximations are good enough. This result
has been motivated by the predictability problem for non-linear pseudorandom number generators and
other potential applications to cryptography
A Tool Kit for Partial Key Exposure Attacks on RSA
Thus far, partial key exposure attacks on RSA have been intensively studied using lattice based Coppersmith's methods. In the context, attackers are given partial information of a secret exponent and prime factors of (Multi-Prime) RSA where the partial information is exposed in various ways. Although these attack scenarios are worth studying, there are several known attacks whose constructions have similar flavor. In this paper, we try to formulate general attack scenarios to capture several existing ones and propose attacks for the scenarios. Our attacks contain all the state-of-the-art partial key exposure attacks, e.g., due to Ernst et al. (Eurocrypt'05) and Takayasu-Kunihiro (SAC'14, ICISC'14), as special cases. As a result, our attacks offer better results than previous best attacks in some special cases, e.g., Sarkar-Maitra's partial key exposure attacks on RSA with the most significant bits of a prime factor (ICISC'08) and Hinek's partial key exposure attacks on Multi-Prime RSA (J. Math. Cryptology '08). We claim that our contribution is not only generalizations or improvements of the existing results. Since our attacks capture general exposure scenarios, the results can be used as a tool kit; the security of some future variants of RSA can be examined without any knowledge of Coppersmith's methods
Improved Results on Factoring General RSA Moduli with Known Bits
We revisit the factoring with known bits problem on general RSA moduli in the forms of for , where two primes and are of the same bit-size. The relevant moduli are inclusive of , for , and for , which are used in the standard RSA scheme and other RSA-type variants. Previous works acquired the results mainly by solving univariate modular equations.
In contrast, we investigate how to efficiently factor with given leakage of the primes by the integer method using the lattice-based technique in this paper. More precisely, factoring general RSA moduli with known most significant bits (MSBs) of the primes can be reduced to solving bivariate integer equations, which was first proposed by Coppersmith to factor with known high bits. Our results provide a unifying solution to the factoring with known bits problem on general RSA moduli. Furthermore, we reveal that there exists an improved factoring attack via the integer method for particular RSA moduli like and
Solving Generalized Small Inverse Problems
Abstract. We introduce a “generalized small inverse problem (GSIP)” and present an algorithm for solving this problem. GSIP is formulated as finding small solutions of f(x0, x1, ..., xn) = x0 h(x1, ..., xn) + C = 0 (mod M) for an n-variate polynomial h, non-zero integers C and M. Our algorithm is based on lattice-based Coppersmith technique. We provide a strategy for construction of a lattice basis for solving f = 0, which are systematically transformed from a lattice basis for solving h = 0. Then, we derive an upper bound such that the target problem can be solved in polynomial time in log M in an explicit form. Since GSIPs include some RSA-related problems, our algorithm is applicable to them. For example, the small key attacks by Boneh and Durfee are re-found automatically. This is a full version of [13]