99 research outputs found
Solving Linear Equations Modulo Unknown Divisors: Revisited
We revisit the problem of finding small solutions to a collection of linear equations modulo an unknown divisor for a known composite integer .
In CaLC 2001, Howgrave-Graham introduced an efficient algorithm for solving univariate linear equations; since then, two forms of multivariate generalizations have been considered in the context of cryptanalysis: modular multivariate linear equations by Herrmann and May (Asiacrypt'08) and simultaneous modular univariate linear equations by Cohn and Heninger (ANTS'12). Their algorithms have many important applications in cryptanalysis, such as the factoring-with-known-bits problem, fault attacks on RSA signatures, analysis of the approximate GCD problem, etc.
In this paper, by introducing multiple parameters, we propose several generalizations of the above equations. The motivation behind these extensions is that some attacks on RSA variants can be reduced to solving these generalized equations, and previous algorithms do not apply. We present new approaches to solve them, and compared with previous methods, our new algorithms are more flexible and especially suitable for some cases. Applying our algorithms, we obtain the best analytical/experimental results for some attacks on RSA and its variants, specifically,
\begin{itemize}
\item We improve May's results (PKC'04) on the small secret exponent attack on the RSA variant with moduli ().
\item We experimentally improve Boneh et al.'s algorithm (Crypto'98) on the factoring () with known bits problem.
\item We significantly improve Jochemsz-May's attack (Asiacrypt'06) on Common Prime RSA.
\item We extend Nitaj's result (Africacrypt'12) on weak encryption exponents of RSA and CRT-RSA.
\end{itemize}
Finding Small Solutions of the Equation and Its Applications to Cryptanalysis of the RSA Cryptosystem
In this paper, we study the condition of finding small solutions of the equation . The framework is derived from Wiener's small private exponent attack on RSA and May-Ritzenhofen's investigation of the implicit factorization problem, both of which can be generalized to solve the above equation. We show that these two methods, together with Coppersmith's method, are equivalent for solving in the general case. Then, based on Coppersmith's method, we present two improvements for solving in some special cases. The first improvement addresses the case where either or is large enough. As applications of this improvement, we propose some new cryptanalyses of RSA, such as new results on the generalized implicit factorization problem, attacks with known bits of the prime factor, and so on. The motivation for these applications comes from the oracle-based complexity of factorization problems. The second improvement assumes that the value of is known. We present two attacks on RSA as its applications. One focuses on the case with known bits of the private exponent together with the prime factor, and the other considers the case with a small difference between the two prime factors. Our new attacks on RSA improve the previous corresponding results respectively, and the correctness of the approach is verified by experiments.
A New Method of Constructing a Lattice Basis and Its Applications to Cryptanalyse Short Exponent RSA
We provide a new method of constructing an optimal
lattice. Applying our method to the cryptanalysis of short exponent
RSA, we obtain results that extend Boneh and Durfee's work. Our
attack methods are based on a generalization to multivariate modular polynomial
equations. The results illustrate the fact that one should be careful
when using an RSA key generation process with special parameters.
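The two abstracts above both build on the small-private-exponent setting (Wiener's attack, and the Boneh-Durfee lattice extension of it), and the second warns against key generation with "special parameters". The following is an added example, not code from any of the listed papers: it implements the classical Wiener continued-fraction attack, which succeeds when d < n^(1/4)/3 and the primes are balanced (q < p < 2q), because k/d is then a convergent of e/n. The key pair is constructed here for illustration; the prime offsets, the 64-bit prime size and the 20-bit d are arbitrary assumptions chosen so that the bound holds.

```python
"""Wiener's small-private-exponent attack on RSA (added example).

If d < n^(1/4)/3 and q < p < 2q, then k/d (with ed - 1 = k*phi) is a
convergent of the continued fraction of e/n, so walking the convergents
and testing whether each candidate phi factors n recovers d, p and q.
"""
from math import gcd, isqrt

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n):
    """Miller-Rabin; this fixed base set is deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(n):
    """Smallest prime >= n."""
    while not is_probable_prime(n):
        n += 1
    return n


def continued_fraction(num, den):
    """Partial quotients a_0, a_1, ... of num/den (Euclid's algorithm)."""
    cf = []
    while den:
        q, r = divmod(num, den)
        cf.append(q)
        num, den = den, r
    return cf


def convergents(cf):
    """Yield successive convergents (h_i, k_i) with h_i/k_i -> num/den."""
    h_prev, h = 0, 1
    k_prev, k = 1, 0
    for a in cf:
        h_prev, h = h, a * h + h_prev
        k_prev, k = k, a * k + k_prev
        yield h, k


def wiener_attack(e, n):
    """Return (d, p, q) if some convergent k/d of e/n factors n, else None."""
    for k, d in convergents(continued_fraction(e, n)):
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k          # candidate phi(n) = (ed - 1)/k
        s = n - phi + 1                 # equals p + q if the candidate is right
        disc = s * s - 4 * n            # equals (p - q)^2 in that case
        if disc < 0:
            continue
        r = isqrt(disc)
        if r * r != disc or (s + r) % 2:
            continue
        p, q = (s + r) // 2, (s - r) // 2
        if p * q == n and q > 1:
            return d, p, q
    return None


def weak_keypair(bits=64, d_bits=20):
    """Constructed (hypothetical) key: balanced primes and a deliberately tiny d."""
    p = next_prime((1 << (bits - 1)) | 0x1234567)   # arbitrary offsets, assumption
    q = next_prime((1 << (bits - 1)) | 0x7654321)
    n, phi = p * q, (p - 1) * (q - 1)
    d = (1 << (d_bits - 1)) | 1        # odd, about d_bits bits, far below n^(1/4)/3
    while gcd(d, phi) != 1:
        d += 2
    e = pow(d, -1, phi)                # e is the public exponent the attacker sees
    return n, e, d, p, q


if __name__ == "__main__":
    n, e, d, p, q = weak_keypair()
    print("weak key recovered:", wiener_attack(e, n) == (d, max(p, q), min(p, q)))
    print("e = 65537 with large d:", wiener_attack(65537, n))
```

With the constructed key, d is about 2^19 while n^(1/4)/3 is about 2^30, so the attack recovers d and both primes from (e, n) alone; with e = 65537 (so d is the size of phi) no convergent survives the square-root check and the function returns None. Boneh and Durfee's lattice attack, referenced in the abstract above, pushes the recoverable range from d < n^0.25 to roughly d < n^0.292 but needs LLL rather than the continued-fraction walk shown here.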
The Impact of Quantum Computing on Present Cryptography
The aim of this paper is to elucidate the implications of quantum computing
in present cryptography and to introduce the reader to basic post-quantum
algorithms. In particular the reader can delve into the following subjects:
present cryptographic schemes (symmetric and asymmetric), differences between
quantum and classical computing, challenges in quantum computing, quantum
algorithms (Shor's and Grover's), public key encryption schemes affected,
symmetric schemes affected, the impact on hash functions, and post quantum
cryptography. Specifically, the section of Post-Quantum Cryptography deals with
different quantum key distribution methods and mathematics-based solutions,
such as the BB84 protocol, lattice-based cryptography, multivariate-based
cryptography, hash-based signatures and code-based cryptography.
Comment: 10 pages, 1 figure, 3 tables, journal article - IJACS