Minkowski Sum Based Lattice Construction for Multivariate Simultaneous Coppersmith's Technique and Applications to RSA
نویسنده
چکیده
We investigate a lattice construction method for the Coppersmith technique for finding small solutions of a modular equation. We consider its variant for simultaneous equations and propose a method to construct a lattice by combining lattices for solving single equations. As applications, we consider a new RSA cryptanalyses. Our algorithm can factor an RSA modulus from l ≥ 2 pairs of RSA public exponents with the common modulus corresponding to secret exponents smaller than N (9l−5)/(12l+4), which improves on the previously best known result by Sarkar and Maitra. For partial key exposure situation, we also can factor the modulus if β− δ/2+1/4 < (3l−1)(3l+1), where β and δ are bit-lengths / logN of the secret exponent and its exposed LSBs, respectively.
منابع مشابه
Minkowski sum based lattice construction for solving simultaneous modular equations and applications to RSA
We investigate a lattice construction method for the Coppersmith technique for finding small solu-tions of a modular equation. We consider its variant for simultaneous equations and propose a methodto construct a lattice by combining lattices for solving single equations. As applications, we consider(i) a new RSA cryptanalysis for multiple short secret exponents, (ii) its partial ke...
متن کاملThe E ectiveness of Lattice Attacks AgainstLow - Exponent
At Eurocrypt '96, Coppersmith presented a novel application of lattice reduction to nd small roots of a univariate modular polynomial equation. This led to rigorous polynomial attacks against RSA with low public exponent, in some particular settings such as encryption of stereotyped messages, random padding, or broadcast applications a la Hast ad. Theoretically, these are the most powerful know...
متن کاملCoppersmith's lattices and "focus groups": an attack on small-exponent RSA
We present a principled technique for reducing the matrix size in some applications of Coppersmith’s lattice method for finding roots of modular polynomial equations. It relies on an analysis of the actual performance of Coppersmith’s attack for smaller parameter sizes, which can be thought of as “focus group” testing. When applied to the small-exponent RSA problem, it reduces lattice dimension...
متن کاملAlternative approaches to obtain t-norms and t-conorms on bounded lattices
Triangular norms in the study of probabilistic metric spaces as a special kind of associative functions defined on the unit interval. These functions have found applications in many areas since then. In this study, we present new methods for constructing triangular norms and triangular conorms on an arbitrary bounded lattice under some constraints. Also, we give some illustrative examples for t...
متن کاملToward a Rigorous Variation of Coppersmith's Algorithm on Three Variables
In 1996, Coppersmith introduced two lattice reduction based techniques to find small roots in polynomial equations. One technique works for modular univariate polynomials, the other for bivariate polynomials over the integers. Since then, these methods have been used in a huge variety of cryptanalytic applications. Some applications also use extensions of Coppersmith’s techniques on more variab...
متن کامل