Rounding LLL: Finding Faster Small Roots of Univariate Polynomial Congruences
نویسندگان
چکیده
In a seminal work at EUROCRYPT ’96, Coppersmith showed how to find all small roots of a univariate polynomial congruence in polynomial time: this has found many applications in public-key cryptanalysis and in a few security proofs. However, the running time of the algorithm is a high-degree polynomial, which limits experiments: the bottleneck is an LLL reduction of a high-dimensional matrix with extra-large coefficients. We present in this paper a polynomial speedup over Coppersmith’s algorithm. Our improvement is based on a special property of the matrices used by Coppersmith’s algorithm, which allows us to speed up the LLL reduction by rounding. The exact speedup depends on the LLL algorithm used: for instance, the speedup is quadratic in the bit-size of the small-root bound if one uses the Nguyen-Stehlé L algorithm.
منابع مشابه
Rounding and Chaining LLL: Finding Faster Small Roots of Univariate Polynomial Congruences
In a seminal work at EUROCRYPT '96, Coppersmith showed how to nd all small roots of a univariate polynomial congruence in polynomial time: this has found many applications in public-key cryptanalysis and in a few security proofs. However, the running time of the algorithm is a high-degree polynomial, which limits experiments: the bottleneck is an LLL reduction of a high-dimensional matrix with ...
متن کاملFinding Small Roots of Univariate Modular Equations Revisited
An alternative technique for finding small roots of univaxiate modular equations is described. This approach is then compared with that taken in (Coppersmith, 1996), which links the concept of the dual lattice (see (Cassels, 1971)) to the LLL algorithm (see (Lenstra et al., 1982)). Timing results comparing both algorithms are given, and practical considerations axe discussed. This work has dire...
متن کاملCryptographic Applications of Capacity Theory: On the Optimality of Coppersmith's Method for Univariate Polynomials
We draw a new connection between Coppersmith’s method for finding small solutions to polynomial congruences modulo integers and the capacity theory of adelic subsets of algebraic curves. Coppersmith’s method uses lattice basis reduction to construct an auxiliary polynomial that vanishes at the desired solutions. Capacity theory provides a toolkit for proving when polynomials with certain bounde...
متن کاملUsing LLL-Reduction for Solving RSA and Factorization Problems: A Survey
25 years ago, Lenstra, Lenstra and Lovasz presented their celebrated LLL lattice reduction algorithm. Among the various applications of the LLL algorithm is a method due to Coppersmith for finding small roots of polynomial equations. We give a survey of the applications of this root finding method to the problem of inverting the RSA function and the factorization problem. As we will see, most o...
متن کاملUsing LLL-Reduction for Solving RSA and Factorization Problems
25 years ago, Lenstra, Lenstra and Lovász presented their celebrated LLL lattice reduction algorithm. Among the various applications of the LLL algorithm is a method due to Coppersmith for finding small roots of polynomial equations. We give a survey of the applications of this root finding method to the problem of inverting the RSA function and the factorization problem. As we will see, most o...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2013 شماره
صفحات -
تاریخ انتشار 2013