How to choose secret parameters for RSA and its extensions to elliptic curves
نویسنده
چکیده
Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA and its extensions to elliptic curves. Over elliptic curves, the analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length and the form of the RSA-modulus n are typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found.
منابع مشابه
How to choose secret parameters for RSA - typecryptosystems over
Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more diicult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent fact...
متن کاملAn Efficient Threshold Verifiable Multi-Secret Sharing Scheme Using Generalized Jacobian of Elliptic Curves
In a (t,n)-threshold secret sharing scheme, a secret s is distributed among n participants such that any group of t or more participants can reconstruct the secret together, but no group of fewer than t participants can do. In this paper, we propose a verifiable (t,n)-threshold multi-secret sharing scheme based on Shao and Cao, and the intractability of the elliptic curve discrete logar...
متن کاملEfficient elliptic curve cryptosystems
Elliptic curve cryptosystems (ECC) are new generations of public key cryptosystems that have a smaller key size for the same level of security. The exponentiation on elliptic curve is the most important operation in ECC, so when the ECC is put into practice, the major problem is how to enhance the speed of the exponentiation. It is thus of great interest to develop algorithms for exponentiation...
متن کاملQuantum-Resistant Diffie-Hellman Key Exchange from Supersingular Elliptic Curve Isogenies
Possibility of the emergence of quantum computers in the near future, pose a serious threat against the security of widely-used public key cryptosystems such as RSA or Elliptic Curve Cryptography (ECC). Algorithms involving isogeny computations on supersingular elliptic curves have been shown to be difficult to break, even to quantum computers. Thus, isogeny-based protocols represent promising ...
متن کاملDifferential Fault Attacks on Elliptic Curve Cryptosystems
In this paper we extend the ideas for differential fault attacks on the RSA cryptosystem (see [4]) to schemes using elliptic curves. We present three different types of attacks that can be used to derive information about the secret key if bit errors can be inserted into the elliptic curve computations in a tamper-proof device. The effectiveness of the attacks was proven in a software simulatio...
متن کامل