A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants
Authors
Abstract
We describe a strategy for finding small modular and integer roots of multivariate polynomials using lattice-based Coppersmith techniques. Applying our strategy, we obtain new polynomial-time attacks on two RSA variants. First, we attack the Qiao-Lam scheme that uses a Chinese Remaindering decryption process with a small difference in the private exponents. Second, we attack the so-called Common Prime RSA variant, where the RSA primes are constructed in a way that circumvents the Wiener attack.
Similar resources
New Partial Key Exposure Attacks on RSA Revisited
At CRYPTO 2003, Blömer and May presented new partial key exposure attacks against RSA. These were the first known polynomial-time partial key exposure attacks against RSA with public exponent e > N . Attacks for known most significant bits and known least significant bits were presented. In this work, we extend their attacks to multi-prime RSA. For r-prime RSA, these result in the first known p...
Fault Attacks on RSA Signatures with Partially Unknown Messages
Fault attacks exploit hardware malfunctions to recover secrets from embedded electronic devices. In the late 90’s, Boneh, DeMillo and Lipton [6] introduced fault-based attacks on crt-rsa. These attacks factor the signer’s modulus when the message padding function is deterministic. However, the attack does not apply when the message is partially unknown, for example when it contains some randomn...
Fault Attacks on Randomized RSA Signatures
Fault attacks exploit hardware malfunctions or induce them to recover secret keys embedded in a secure device such as a smart card. In the late 90’s, Boneh, DeMillo and Lipton [6] and other authors introduced fault-based attacks on crt-rsa which allow the attacker to factor the signer’s modulus when the message padding function is deterministic. Since then, extending fault attacks to randomized...
Operational matrices with respect to Hermite polynomials and their applications in solving linear differential equations with variable coefficients
In this paper, a new and efficient approach is applied for numerical approximation of the linear differential equations with variable coefficients based on operational matrices with respect to Hermite polynomials. Explicit formulae which express the Hermite expansion coefficients for the moments of derivatives of any differentiable function in terms of the original expansion coefficients of the f...
Solving Linear Equations Modulo Unknown Divisors: Revisited
We revisit the problem of finding small solutions to a collection of linear equations modulo an unknown divisor p for a known composite integer N. In CaLC 2001, Howgrave-Graham introduced an efficient algorithm for solving univariate linear equations; since then, two forms of multivariate generalizations have been considered in the context of cryptanalysis: modular multivariate linear equation...