Solving Simultaneous Modular Equations of Low Degree
نویسنده
چکیده
We consider the problem of solving systems of equations Pi(x) 0 (mod ni) i = 1 : : : k where Pi are polynomials of degree d and the ni are distinct relatively prime numbers and x < min(ni). We prove that if k > d(d+1) 2 we can recover x in polynomial time provided min(ni) > 2 d . As a consequence the RSA cryptosystem used with a small exponent is not a good choice to use as a public key cryptosystem in a large network. We also show that a protocol by Broder and Dolev [4] is insecure if RSA with a small exponent is used. Warning: Essentially this paper has been published in SIAM Journal on Computing and is hence subject to copyright restrictions. It is for personal use only.
منابع مشابه
Lattice Attacks in Cryptography: A Partial Overview
In this work, we give a partial overview of lattice attacks in cryptography. While different kinds of attacks are considered, the emphasis of this work is given to attacks that are based on Coppersmith’s results for solving low degree multivariate modular equations and bivariate integer equations.
متن کاملA Third-degree B-spline Collocation Scheme for Solving a Class of the Nonlinear Lane–-Emden Type Equations
In this paper, we use a numerical method involving collocation method with third B-splines as basis functions for solving a class of singular initial value problems (IVPs) of Lane--Emden type equation. The original differential equation is modified at the point of singularity. The modified problem is then treated by using B-spline approximation. In the case of non-linear problems, we first line...
متن کاملApplication of the exact operational matrices for solving the Emden-Fowler equations, arising in Astrophysics
The objective of this paper is applying the well-known exact operational matrices (EOMs) idea for solving the Emden-Fowler equations, illustrating the superiority of EOMs over ordinary operational matrices (OOMs). Up to now, a few studies have been conducted on EOMs ; but the solved differential equations did not have high-degree nonlinearity and the reported results could not strongly show the...
متن کاملFinding Small Solutions of a Class of Simultaneous Modular Equations and Applications to Modular Inversion Hidden Number Problem and Inversive Congruential Generator
In this paper we revisit the modular inversion hidden number problem and the inversive congruential pseudo random number generator and consider how to more efficiently attack them in terms of fewer samples or outputs. We reduce the attacking problem to finding small solutions of systems of modular polynomial equations of the form ai+bix0+cixi+x0xi = 0 (mod p), and present two strategies to cons...
متن کاملEFFICIENT SIMULATION FOR OPTIMIZATION OF TOPOLOGY, SHAPE AND SIZE OF MODULAR TRUSS STRUCTURES
The prevalent strategy in the topology optimization phase is to select a subset of members existing in an excessively connected truss, called Ground Structure, such that the overall weight or cost is minimized. Although finding a good topology significantly reduces the overall cost, excessive growth of the size of topology space combined with existence of varied types of design variables challe...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- SIAM J. Comput.
دوره 17 شماره
صفحات -
تاریخ انتشار 1988