Gradual sub-lattice reduction and a new complexity for factoring polynomials
We present a lattice algorithm specifically designed for some classical
applications of lattice reduction. The applications are for lattice bases with
a generalized knapsack-type structure, where the target vectors are boundably
short. For such applications, the complexity of the algorithm improves
traditional lattice reduction by replacing some dependence on the bit-length of
the input vectors by some dependence on the bound for the output vectors. If
the bit-length of the target vectors is unrelated to the bit-length of the
input, then our algorithm is only linear in the bit-length of the input
entries, which is an improvement over the quadratic complexity floating-point
LLL algorithms. To illustrate the usefulness of this algorithm we show that a
direct application to factoring univariate polynomials over the integers leads
to the first complexity bound improvement since 1984. A second application is
algebraic number reconstruction, where a new complexity bound is obtained as
well.
Influence of Seed Size, Planting Depth, and Companion Crop on Emergence and Vigor of Seedlings in Sweetclover
Seed size has been shown to have an important influence on the emergence and early growth of seedlings of several forage legumes, but only fragmentary information on seed size effects in sweetclover (Melilotus spp.) has been published. Therefore, a 2-year study was conducted in which spring and fall seedings of small, medium, and large seeds of 'Madrid' and 'N13' sweetclover (Melilotus officinalis (L.) Lam.) were made at depths of 19, 38, and 57 mm. The spring seeding also included a comparison of a companion crop (oats) with no companion crop. Data on emergence score and plant height were collected for the spring seeding only; stand count and dry matter yield of tops and roots were measured for both spring and fall seedings. The companion crop had little effect on emergence score, but it reduced stand count and plant height, and was highly detrimental to dry matter yield. The performance of Madrid was poorer in all respects than that of N13, an experimental cultivar with relatively large seeds. As planting depth was increased, stand counts decreased, but the performance of plants that emerged from the greater depths was relatively good. The most striking results of increased seed size appeared to be improved emergence score and increased dry matter production.
Experimenting with Faults, Lattices and the DSA
We present an attack on DSA smart-cards which combines physical fault injection and lattice reduction techniques. This seems to be the first (publicly reported) physical experiment allowing one to concretely pull DSA keys out of smart-cards. We employ a particular type of fault attack known as a glitch attack, which will be used to actively modify the DSA nonce k used for generating the signature: k will be tampered with so that a number of its least significant bytes will flip to zero. Then we apply well-known lattice attacks on El Gamal-type signatures which can recover the private key, given sufficiently many signatures such that a few bits of each corresponding k are known. In practice, when one byte of each k is zeroed, 27 signatures are sufficient to disclose the private key. The more bytes of k we can reset, the fewer signatures will be required. This paper presents the theory, methodology and results of the attack as well as possible countermeasures.
On Some Attacks on Multi-prime RSA
Using more than two factors in the modulus of the RSA cryptosystem has the arithmetic advantage that the private key computations can be sped up using Chinese remaindering. At the same time, with a proper choice of parameters, one does not have to work with a larger modulus to achieve the same level of security in terms of the difficulty of the integer factorization problem. However, numerous attacks on specific instances of the RSA cryptosystem are known that apply if, for example, the decryption or encryption exponents are chosen too small, or if partial knowledge of the private key is available. Little work is known on how such attacks perform in the multi-prime case. It turns out that for most of these attacks it is crucial that the modulus contains exactly two primes. They become much less effective, or fail, when the modulus factors into more than two distinct primes.
Confidential Signatures and Deterministic Signcryption
Encrypt-and-sign, where one encrypts and signs a message in
parallel, is usually not recommended for confidential message
transmission. The reason is that the signature typically leaks
information about the message. This motivates our investigation of
confidential signature schemes, which hide all information about
(high-entropy) input messages. In this work we provide a formal
treatment of confidentiality for such schemes and a comprehensive
discussion of the relationship of different notions we propose. We
give constructions meeting our notions, both in the random oracle
model and the standard model. As part of this we show that full
domain hash signatures achieve a weaker level of confidentiality
than Fiat-Shamir signatures. We then revisit the connection of
confidential signatures to signcryption schemes. We give formal
security models for deterministic signcryption schemes for
high-entropy and low-entropy messages, and prove encrypt-and-sign to
be secure for confidential signature schemes and high-entropy
messages. Finally, we show that one can derandomize any signcryption
scheme in our model and obtain a secure deterministic scheme.