
    Gradual sub-lattice reduction and a new complexity for factoring polynomials

    We present a lattice algorithm specifically designed for some classical applications of lattice reduction. The applications are for lattice bases with a generalized knapsack-type structure, where the target vectors are boundably short. For such applications, the complexity of the algorithm improves traditional lattice reduction by replacing some dependence on the bit-length of the input vectors by some dependence on the bound for the output vectors. If the bit-length of the target vectors is unrelated to the bit-length of the input, then our algorithm is only linear in the bit-length of the input entries, which is an improvement over the quadratic complexity of floating-point LLL algorithms. To illustrate the usefulness of this algorithm we show that a direct application to factoring univariate polynomials over the integers leads to the first complexity bound improvement since 1984. A second application is algebraic number reconstruction, where a new complexity bound is obtained as well.

    Lattice Attacks on RSA-Encrypted IP and TCP


    Influence of Seed Size, Planting Depth, and Companion Crop on Emergence and Vigor of Seedlings in Sweetclover

    Seed size has been shown to have an important influence on the emergence and early growth of seedlings of several forage legumes, but only fragmentary information on seed size effects in sweetclover (Melilotus spp.) has been published. Therefore, a 2-year study was conducted in which spring and fall seedings of small, medium, and large seeds of 'Madrid' and 'N13' sweetclover (Melilotus officinalis (L.) Lam.) were made at depths of 19, 38, and 57 mm. The spring seeding also included a comparison of a companion crop (oats) with no companion crop. Data on emergence score and plant height were collected for the spring seeding only; stand count and dry matter yield of tops and roots were measured for both spring and fall seedings. The companion crop had little effect on emergence score, but it reduced stand count and plant height, and was highly detrimental to dry matter yield. The performance of Madrid was poorer in all respects than that of N13, an experimental cultivar with relatively large seeds. As planting depth was increased, stand counts decreased, but the performance of plants that emerged from the greater depths was relatively good. The most striking results of increased seed size appeared to be improved emergence score and increased dry matter production.

    Experimenting with Faults, Lattices and the DSA

    We present an attack on DSA smart-cards which combines physical fault injection and lattice reduction techniques. This seems to be the first (publicly reported) physical experiment allowing one to concretely pull DSA keys out of smart-cards. We employ a particular type of fault attack known as a glitch attack, which will be used to actively modify the DSA nonce k used for generating the signature: k will be tampered with so that a number of its least significant bytes will flip to zero. Then we apply well-known lattice attacks on El Gamal-type signatures which can recover the private key, given sufficiently many signatures such that a few bits of each corresponding k are known. In practice, when one byte of each k is zeroed, 27 signatures are sufficient to disclose the private key. The more bytes of k we can reset, the fewer signatures will be required. This paper presents the theory, methodology and results of the attack as well as possible countermeasures.

    On Some Attacks on Multi-prime RSA

    Using more than two factors in the modulus of the RSA cryptosystem has the arithmetic advantage that the private key computations can be sped up using Chinese remaindering. At the same time, with a proper choice of parameters, one does not have to work with a larger modulus to achieve the same level of security in terms of the difficulty of the integer factorization problem. However, numerous attacks on specific instances of the RSA cryptosystem are known that apply if, for example, the decryption or encryption exponent is chosen too small, or if partial knowledge of the private key is available. Little work is known on how such attacks perform in the multi-prime case. It turns out that for most of these attacks it is crucial that the modulus contains exactly two primes. They become much less effective, or fail, when the modulus factors into more than two distinct primes.

    Confidential Signatures and Deterministic Signcryption

    Encrypt-and-sign, where one encrypts and signs a message in parallel, is usually not recommended for confidential message transmission. The reason is that the signature typically leaks information about the message. This motivates our investigation of confidential signature schemes, which hide all information about (high-entropy) input messages. In this work we provide a formal treatment of confidentiality for such schemes and a comprehensive discussion of the relationship of the different notions we propose. We give constructions meeting our notions, both in the random oracle model and the standard model. As part of this we show that full domain hash signatures achieve a weaker level of confidentiality than Fiat-Shamir signatures. We then revisit the connection of confidential signatures to signcryption schemes. We give formal security models for deterministic signcryption schemes for high-entropy and low-entropy messages, and prove encrypt-and-sign to be secure for confidential signature schemes and high-entropy messages. Finally, we show that one can derandomize any signcryption scheme in our model and obtain a secure deterministic scheme.