On Deterministic Polynomial-Time Equivalence of Computing the CRT-RSA Secret Keys and Factoring
نویسندگان
چکیده
Let N = pq be the product of two large primes. Consider CRT-RSA with the public encryption exponent e and private decryption exponents dp, dq. It is well known that given any one of dp or dq (or both) one can factorize N in probabilistic poly(logN) time with success probability almost equal to 1. Though this serves all the practical purposes, from theoretical point of view, this is not a deterministic polynomial time algorithm. In this paper, we present a lattice based deterministic poly(logN) time algorithm that uses both dp, dq (in addition to the public information e,N) to factorize N for certain ranges of dp, dq. We like to stress that proving the equivalence for all the values of dp, dq may be a nontrivial task.
منابع مشابه
Deterministic Polynomial Time Equivalence Between Factoring and Key-Recovery Attack on Takagi's RSA
For RSA, May showed a deterministic polynomial time equivalence of computing d to factoring N(= pq). On the other hand, Takagi showed a variant of RSA such that the decryption algorithm is faster than the standard RSA, where N = pq while ed = 1 mod (p−1)(q−1). In this paper, we show that a deterministic polynomial time equivalence also holds in this variant. The coefficient matrix T to which LL...
متن کاملComputing the RSA Secret Key Is Deterministic Polynomial Time Equivalent to Factoring
We address one of the most fundamental problems concerning the RSA cryptoscheme: Does the knowledge of the RSA public key/ secret key pair (e, d) yield the factorization of N = pq in polynomial time? It is well-known that there is a probabilistic polynomial time algorithm that on input (N, e, d) outputs the factors p and q. We present the first deterministic polynomial time algorithm that facto...
متن کاملMinkowski sum based lattice construction for solving simultaneous modular equations and applications to RSA
We investigate a lattice construction method for the Coppersmith technique for finding small solu-tions of a modular equation. We consider its variant for simultaneous equations and propose a methodto construct a lattice by combining lattices for solving single equations. As applications, we consider(i) a new RSA cryptanalysis for multiple short secret exponents, (ii) its partial ke...
متن کاملSome applications of lattice based root finding techniques
In this paper we present some problems and their solutions exploiting lattice based root finding techniques. In CaLC 2001, Howgrave-Graham proposed a method to find the Greatest Common Divisor (GCD) of two large integers when one of the integers is exactly known and the other one is known approximately. In this paper, we present three applications of the technique. The first one is to show dete...
متن کاملFactorization of a 512-Bit RSA Modulus
On August we completed the factorization of the bit digit number RSA with the help of the Number Field Sieve factoring method NFS This is a new record for factoring general numbers Moreover bit RSA keys are frequently used for the protection of electronic commerce at least outside the USA so this factorization represents a breakthrough in research on RSA based systems The previous record factor...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2009 شماره
صفحات -
تاریخ انتشار 2009