On Deterministic Polynomial-Time Equivalence of Computing the CRT-RSA Secret Keys and Factoring

نویسندگان

  • Subhamoy Maitra
  • Santanu Sarkar
چکیده

Let N = pq be the product of two large primes. Consider CRT-RSA with the public encryption exponent e and private decryption exponents dp, dq. It is well known that given any one of dp or dq (or both) one can factorize N in probabilistic poly(logN) time with success probability almost equal to 1. Though this serves all the practical purposes, from theoretical point of view, this is not a deterministic polynomial time algorithm. In this paper, we present a lattice based deterministic poly(logN) time algorithm that uses both dp, dq (in addition to the public information e,N) to factorize N for certain ranges of dp, dq. We like to stress that proving the equivalence for all the values of dp, dq may be a nontrivial task.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Deterministic Polynomial Time Equivalence Between Factoring and Key-Recovery Attack on Takagi's RSA

For RSA, May showed a deterministic polynomial time equivalence of computing d to factoring N(= pq). On the other hand, Takagi showed a variant of RSA such that the decryption algorithm is faster than the standard RSA, where N = pq while ed = 1 mod (p−1)(q−1). In this paper, we show that a deterministic polynomial time equivalence also holds in this variant. The coefficient matrix T to which LL...

متن کامل

Computing the RSA Secret Key Is Deterministic Polynomial Time Equivalent to Factoring

We address one of the most fundamental problems concerning the RSA cryptoscheme: Does the knowledge of the RSA public key/ secret key pair (e, d) yield the factorization of N = pq in polynomial time? It is well-known that there is a probabilistic polynomial time algorithm that on input (N, e, d) outputs the factors p and q. We present the first deterministic polynomial time algorithm that facto...

متن کامل

Minkowski sum based lattice construction for solving simultaneous modular equations and applications to RSA

We investigate a lattice construction method for the Coppersmith technique for finding small solu-tions of a modular equation. We consider its variant for simultaneous equations and propose a methodto construct a lattice by combining lattices for solving single equations. As applications, we consider(i) a new RSA cryptanalysis for multiple short secret exponents, (ii) its partial ke...

متن کامل

Some applications of lattice based root finding techniques

In this paper we present some problems and their solutions exploiting lattice based root finding techniques. In CaLC 2001, Howgrave-Graham proposed a method to find the Greatest Common Divisor (GCD) of two large integers when one of the integers is exactly known and the other one is known approximately. In this paper, we present three applications of the technique. The first one is to show dete...

متن کامل

Factorization of a 512-Bit RSA Modulus

On August we completed the factorization of the bit digit number RSA with the help of the Number Field Sieve factoring method NFS This is a new record for factoring general numbers Moreover bit RSA keys are frequently used for the protection of electronic commerce at least outside the USA so this factorization represents a breakthrough in research on RSA based systems The previous record factor...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IACR Cryptology ePrint Archive

دوره 2009  شماره 

صفحات  -

تاریخ انتشار 2009