Attack on RSA-Type Cryptosystems Based on Singular Cubic Curves over Z/nZ
نویسندگان
چکیده
Several RSA-type cryptosystems based on singular cubic curves have been proposed in recent years (cf. Koyama, Lecture notes in Computer Science, vol. 921, Springer, Berlin, 1995, pp. 329–339; Kuwakado, IEICE Trans. Fund. E78-A (1995) 27–33; Koyama, IEICE Trans. Fund. E77-A (1994) 1309–1318). We show that these schemes are equivalent and demonstrate that they are insecure if a linear relation is known between two plaintexts. c © 1999 Elsevier Science B.V. All rights reserved.
منابع مشابه
Equivalence of Counting the Number of Points on Elliptic Curve over the Ring Zn and Factoring n
1 I n t r o d u c t i o n Elliptic curves can be applied to public-key cryptosystems, and as such several schemes have been proposed [3, 4, 5, 6, 9, 11]. There are two typical elliptic curve cryptosystems: E1Gamal-type scheme [4, 11] and RSA-type schemes [3, 5, 6]. The security of the EIGamal-type elliptic curve cryptosystem is based on the difficulty of solving a discrete logarithm over ellipt...
متن کاملA generalized attack on RSA type cryptosystems
Let N = pq be an RSA modulus with unknown factorization. Some variants of the RSA cryptosystem, such as LUC, RSA with Gaussian primes and RSA type schemes based on singular elliptic curves use a public key e and a private key d satisfying an equation of the form ed − k ( p − 1 ) ( q − 1 ) = 1. In this paper, we consider the general equation ex− ( p − 1 ) ( q − 1 ) y = z and present a new attack...
متن کاملA New Attack on Three Variants of the RSA Cryptosystem
In 1995, Kuwakado, Koyama and Tsuruoka presented a new RSA-type scheme based on singular cubic curves y2 ≡ x3+bx2 (mod N) where N = pq is an RSA modulus. Then, in 2002, Elkamchouchi, Elshenawy and Shaban introduced an extension of the RSA scheme to the field of Gaussian integers using a modulus N = PQ where P and Q are Gaussian primes such that p = |P| and q = |Q| are ordinary primes. Later, in...
متن کاملOn Security of Koyama Scheme
An attack is possible upon all three RSA analogue PKCs based on singular cubic curves given by Koyama. While saying so, Seng et al observed that the scheme become insecure if a linear relation is known between two plaintexts. In this case, attacker has to compute greatest common divisor of two polynomials corresponding to those two plaintexts. However, the computation of greatest common divisor...
متن کاملHow to choose secret parameters for RSA - typecryptosystems over
Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more diicult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent fact...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Theor. Comput. Sci.
دوره 226 شماره
صفحات -
تاریخ انتشار 1999