23 research outputs found

    New attacks on RSA with Moduli N = p^r q

    We present three attacks on the Prime Power RSA with modulus N = p^r q. In the first attack, we consider a public exponent e satisfying an equation ex − φ(N)y = z where φ(N) = p^(r−1)(p − 1)(q − 1). We show that one can factor N if the parameters |x| and |z| satisfy |xz| < N^(r(r−1)/(r+1)^2), thereby extending the recent results of Sarkar [16]. In the second attack, we consider two public exponents e1 and e2 and their corresponding private exponents d1 and d2. We show that one can factor N when d1 and d2 share a suitable amount of their most significant bits, that is |d1 − d2| < N^(r(r−1)/(r+1)^2). The third attack enables us to factor two Prime Power RSA moduli N1 = p1^r q1 and N2 = p2^r q2 when p1 and p2 share a suitable amount of their most significant bits, namely, |p1 − p2| < p1/(2rq1q2).

    Applications of Neural Network-Based AI in Cryptography

    Artificial intelligence (AI) is a modern technology that allows plenty of advantages in daily life, such as predicting weather, finding directions, classifying images and videos, even automatically generating code, text, and videos. Other essential technologies such as blockchain and cybersecurity also benefit from AI. As a core component used in blockchain and cybersecurity, cryptography can benefit from AI in order to enhance the confidentiality and integrity of cyberspace. In this paper, we review the algorithms underlying four prominent cryptographic cryptosystems, namely the Advanced Encryption Standard, the Rivest–Shamir–Adleman, Learning With Errors, and the Ascon family of cryptographic algorithms for authenticated encryption. Where possible, we pinpoint areas where AI can be used to help improve their security.

    New attacks on RSA with Moduli $N=p^rq$

    We present three attacks on the Prime Power RSA with modulus $N=p^rq$. In the first attack, we consider a public exponent $e$ satisfying an equation $ex-\phi(N)y=z$ where $\phi(N)=p^{r-1}(p-1)(q-1)$. We show that one can factor $N$ if the parameters $|x|$ and $|z|$ satisfy $|xz|<N^{\frac{r(r-1)}{(r+1)^2}}$, thereby extending the recent results of Sarkar \cite{SARKAR}. In the second attack, we consider two public exponents $e_1$ and $e_2$ and their corresponding private exponents $d_1$ and $d_2$. We show that one can factor $N$ when $d_1$ and $d_2$ share a suitable amount of their most significant bits, that is $|d_1-d_2|<N^{\frac{r(r-1)}{(r+1)^2}}$. The third attack enables us to factor two Prime Power RSA moduli $N_1=p_1^rq_1$ and $N_2=p_2^rq_2$ when $p_1$ and $p_2$ share a suitable amount of their most significant bits, namely, $|p_1-p_2|<\frac{p_1}{2rq_1q_2}$.

    Lattice Attacks on the DGHV Homomorphic Encryption Scheme

    In 2010, van Dijk, Gentry, Halevi, and Vaikuntanathan described the first fully homomorphic encryption over the integers, called DGHV. The scheme is based on a set of $m$ public integers $c_i=pq_i+r_i$, $i=1,\cdots,m$, where the integers $p$, $q_i$ and $r_i$ are secret. In this paper, we describe two lattice-based attacks on DGHV. The first attack is applicable when $r_1=0$ and the public integers $c_i$ satisfy a linear equation $a_2c_2+\ldots+a_mc_m=a_1q_1$ for suitably small integers $a_i$, $i=2,\ldots,m$. The second attack works when the positive integers $q_i$ satisfy a linear equation $a_1q_1+\ldots+a_mq_m=0$ for suitably small integers $a_i$, $i=1,\ldots,m$. We further apply our methods for the DGHV recommended parameters as specified in the original work of van Dijk, Gentry, Halevi, and Vaikuntanathan.

    Applications of Neural Network-Based AI in Cryptography

    No full text
    Artificial intelligence (AI) is a modern technology that allows plenty of advantages in daily life, such as predicting weather, finding directions, classifying images and videos, even automatically generating code, text, and videos. Other essential technologies such as blockchain and cybersecurity also benefit from AI. As a core component used in blockchain and cybersecurity, cryptography can benefit from AI in order to enhance the confidentiality and integrity of cyberspace. In this paper, we review the algorithms underlying four prominent cryptographic cryptosystems, namely the Advanced Encryption Standard, the Rivest–Shamir–Adleman, Learning with Errors, and the Ascon family of cryptographic algorithms for authenticated encryption. Where possible, we pinpoint areas where AI can be used to help improve their security.

    Factoring RSA moduli with weak prime factors

    In this paper, we study the problem of factoring an RSA modulus $N=pq$ in polynomial time, when $p$ is a weak prime, that is, $p$ can be expressed as $ap=u_0+M_1u_1+\ldots+M_ku_k$ for some $k$ integers $M_1,\ldots, M_k$ and $k+2$ suitably small parameters $a$, $u_0,\ldots u_k$. We further compute a lower bound for the set of weak moduli, that is, moduli made of at least one weak prime, in the interval $[2^{2n},2^{2(n+1)}]$ and show that this number is much larger than the set of RSA prime factors satisfying Coppersmith's conditions, effectively extending the likelihood for factoring RSA moduli. We also prolong our findings to moduli composed of two weak primes.

    Factoring RSA moduli with weak prime factors

    In this paper, we study the problem of factoring an RSA modulus N = pq in polynomial time, when p is a weak prime, that is, p can be expressed as ap = u0 + M1u1 + ... + Mkuk for some k integers M1, ..., Mk and k + 2 suitably small parameters a, u0, ... uk. We further compute a lower bound for the set of weak moduli, that is, moduli made of at least one weak prime, in the interval [2^(2n), 2^(2(n+1))] and show that this number is much larger than the set of RSA prime factors satisfying Coppersmith's conditions, effectively extending the likelihood for factoring RSA moduli. We also prolong our findings to moduli composed of two weak primes.

    Progress in Cryptology -- AFRICACRYPT 2018

    No full text