A strategy for recovering roots of bivariate polynomials modulo a prime
Let be a prime and \F_p the finite field with elements. We show how, when given an irreducible bivariate polynomial f \in \F_p[X,Y] and approximations to (v_0,v_1) \in \F_p^2 such that , one can recover efficiently, if the approximations are good enough. This result has been motivated by the predictability problem for non-linear pseudorandom number generators and other potential applications to cryptography.
Recovering zeros of polynomials modulo a prime
Let be a prime and the finite field with elements. We show how, when given an irreducible bivariate polynomial and an approximation to a zero, one can recover the root efficiently, if the approximation is good enough. The strategy can be generalized to polynomials in the variables over the field . These results have been motivated by the predictability problem for nonlinear pseudorandom number generators and other potential applications to cryptography.
Computing Puiseux series: a fast divide and conquer algorithm
Let be a polynomial of total degree defined over a perfect field of characteristic zero or greater than . Assuming separable with respect to , we provide an algorithm that computes the singular parts of all Puiseux series of above in less than operations in , where is the valuation of the resultant of and its partial derivative with respect to . To this aim, we use a divide and conquer strategy and replace univariate factorization by dynamic evaluation. As a first main corollary, we compute the irreducible factors of in up to an arbitrary precision with arithmetic operations. As a second main corollary, we compute the genus of the plane curve defined by with arithmetic operations and, if , with bit operations using a probabilistic algorithm, where is the logarithmic height of .
Comment: 27 pages, 2 figures.
Fast Computation of Special Resultants
We propose fast algorithms for computing composed products and composed sums, as well as diamond products of univariate polynomials. These operations correspond to special multivariate resultants, that we compute using power sums of roots of polynomials, by means of their generating series.
Notes on Small Private Key Attacks on Common Prime RSA
We point out critical deficiencies in lattice-based cryptanalysis of common prime RSA presented in "Remarks on the cryptanalysis of common prime RSA for IoT constrained low power devices" [Information Sciences, 538 (2020) 54--68]. To rectify these flaws, we carefully scrutinize the relevant parameters involved in the analysis when solving a specific trivariate integer polynomial equation. Additionally, we offer a synthesized attack illustration of small private key attacks on common prime RSA.
Comment: 15 pages, 1 figure.
Approximate Divisor Multiples -- Factoring with Only a Third of the Secret CRT-Exponents
We address Partial Key Exposure attacks on CRT-RSA on secret exponents with small public exponent . For constant it is known that the knowledge of half of the bits of one of suffices to factor the RSA modulus by Coppersmith's famous "factoring with a hint" result. We extend this setting to non-constant . Somewhat surprisingly, our attack shows that RSA with of size is most vulnerable to Partial Key Exposure, since in this case only a third of the bits of both suffices to factor in polynomial time, knowing either most significant bits (MSB) or least significant bits (LSB).
Let and . On the technical side, we find the factorization of in a novel two-step approach. In a first step we recover and in polynomial time, in the MSB case completely elementary and in the LSB case using Coppersmith's lattice-based method. We then obtain the prime factorization of by computing the root of a univariate polynomial modulo for our known . This can be seen as an extension of Howgrave-Graham's "approximate divisor" algorithm to the case of "approximate divisor multiples" for some known multiple of an unknown divisor of . The point of "approximate divisor multiples" is that the unknown that is recoverable in polynomial time grows linearly with the size of the multiple .
Our resulting Partial Key Exposure attack with known MSBs is completely rigorous, whereas in the LSB case we rely on a standard Coppersmith-type heuristic. We experimentally verify our heuristic, thereby showing that in practice we reach our asymptotic bounds already using small lattice dimensions. Thus, our attack is highly efficient.
A New Method of Constructing a Lattice Basis and Its Applications to Cryptanalyse Short Exponent RSA
We provide a new method of constructing an optimal lattice. Applying our method to the cryptanalysis of short exponent RSA, we obtain results which extend Boneh and Durfee's work. Our attack methods are based on a generalization to multivariate modular polynomial equations. The results illustrate the fact that one should be careful when using an RSA key generation process with special parameters.
Cryptanalysis of a Generalized Subset-Sum Pseudorandom Generator
We present attacks on a generalized subset-sum pseudorandom generator, which was proposed by von zur Gathen and Shparlinski in 2004. Our attacks rely on a sub-quadratic algorithm for solving a vectorial variant of the 3SUM problem, which is of independent interest. The attacks presented have complexities well below the brute-force attack, making the generators vulnerable. We provide a thorough analysis of the attacks and their complexities and demonstrate their practicality through implementations and experiments.
Computing the eigenvalue in the Schoof-Elkies-Atkin algorithm using Abelian lifts
The Schoof-Elkies-Atkin algorithm is the best known method for counting the number of points of an elliptic curve defined over a finite field of large characteristic. We use abelian properties of division polynomials to design a fast theoretical and practical algorithm for computing the eigenvalue search.