Factoring N = pq
نویسندگان
چکیده
We discuss the problem of factoring N = pq and survey some approaches. We then present a specialized factoring algorithm that runs in time Õ(q0.31), which is comparable to the runtime Õ(p) of the factoring algorithm for integers of the form N = pq presented in [1]. We then survey the factoring algorithm of [1] and discuss the number of advice bits needed for it to run in polynomial time. Furthermore, we discuss the possibility of constructing cryptographic primitives from the assumption that pq is hard to factor. We present our attempt at constructing key agreement and discuss the difficulties of building this primitive from the hardness of factoring pq.
منابع مشابه
De Factorisatione Numerorum I : In Pursuit of the Erymanthian Boar
Abstract. We introduce a new deterministic factoring algorithm, which could be described in the fashionable term of “factoring with hints”: we show that, given the knowledge of the factorisations of O(N) terms following N = pq product of two large primes, we can recover deterministically p and q in O(N) bit operations. Although this is slower than the current best factoring algorithms, this met...
متن کاملIND-CCA Public Key Schemes Equivalent to Factoring n=pq
Indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) is the strongest notion for security of public key schemes. In this paper, we present the rst IND-CCA2 schemes whose securities are equivalent to factoring n = pq under the random oracle model, where p and q are prime numbers. Our rst scheme works for long messages and our second scheme is more e cient for short messages.
متن کاملDeterministic Polynomial Time Equivalence Between Factoring and Key-Recovery Attack on Takagi's RSA
For RSA, May showed a deterministic polynomial time equivalence of computing d to factoring N(= pq). On the other hand, Takagi showed a variant of RSA such that the decryption algorithm is faster than the standard RSA, where N = pq while ed = 1 mod (p−1)(q−1). In this paper, we show that a deterministic polynomial time equivalence also holds in this variant. The coefficient matrix T to which LL...
متن کاملOn the Security of EPOC and TSH-ESIGN
We submitted a public-key encryption scheme, EPOC, and digital signature scheme, TSH-ESIGN, to IEEE P1363a. The security of EPOC and TSH-ESIGN is based on the intractability of factoring n = pq, where p and q are primes. TSH-ESIGN is also based on the intractability of the approximate e-th root (AERP) assumption, which is the approximate version of the RSA assumption. This draft describes the l...
متن کاملA Variant of the Schmidt-Takagi Encryption Scheme
Schmidt and Takagi proposed a variant of the Paillier encryption scheme which employs modulus n = pq [16]. Their scheme has a good property that the one-wayness is under the factoring assumption, and has an additively homomorphic property. Their scheme can be applied to trapdoor commitment and on-line/off-line signature. In this paper, we propose a new variant of the Schmidt-Takagi encryption s...
متن کامل