On Deterministic Polynomial-Time Equivalence of Computing the CRT-RSA Secret Keys and Factoring

Let N = pq be the product of two large primes. Consider Chinese remainder theorem-Rivest, Shamir, Adleman (CRT-RSA) with the public encryption exponent e and private decryption exponents d_p, d_q. It is well known that given any one of d_p or d_q (or both) one can factorise N in probabilistic poly(log N) time with success probability almost equal to 1. Though this serves all practical purposes, from a theoretical point of view it is not a deterministic polynomial-time algorithm. In this paper, we present a lattice-based deterministic poly(log N) time algorithm that uses both d_p and d_q (in addition to the public information e, N) to factorise N for certain ranges of d_p, d_q. We would like to stress that proving the equivalence for all values of d_p, d_q may be a nontrivial task.

Defence Science Journal, 2012, 62(2), pp. 122-126, DOI: http://dx.doi.org/10.14429/dsj.62.1716
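The probabilistic reduction that the abstract calls well known, written out as an added example (not code from the paper, and not the paper's lattice-based deterministic algorithm). It shows why exposure of a single CRT exponent amounts to exposure of the whole key. The primes 2^61 - 1 and 2^89 - 1, the exponent e = 65537 and all function names are assumptions chosen for illustration.

```python
import math
import random


def crt_exponents(p, q, e):
    """CRT-RSA private exponents: e*d_p = 1 mod (p-1), e*d_q = 1 mod (q-1)."""
    return pow(e, -1, p - 1), pow(e, -1, q - 1)


def factor_from_crt_exponent(N, e, d, rng, max_tries=64):
    """Return (r, N // r), where r is the prime factor that d belongs to.

    If e*d = 1 mod (r-1), Fermat's little theorem gives a^(e*d) = a mod r
    for every a, while the same congruence modulo the other prime fails for
    almost every a. gcd(a^(e*d) - a, N) is then r. A draw that satisfies
    both congruences yields gcd = N and is retried, which is exactly why
    this reduction is probabilistic rather than deterministic.
    """
    for _ in range(max_tries):
        a = rng.randrange(2, N - 1)
        g = math.gcd(pow(a, e * d, N) - a, N)
        if 1 < g < N:
            return g, N // g
    return None  # every draw was a bad base (vanishingly unlikely here)


# Constructed toy parameters: two known Mersenne primes, far too small and
# too structured for a real key, used only so the example runs instantly.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537
N = P * Q
DP, DQ = crt_exponents(P, Q, E)

if __name__ == "__main__":
    rng = random.Random(2012)  # fixed seed so the run is repeatable
    print("from d_p:", factor_from_crt_exponent(N, E, DP, rng))
    print("from d_q:", factor_from_crt_exponent(N, E, DQ, rng))
```

Only N, e and one of d_p, d_q enter the computation; the random base a is the sole source of nondeterminism.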
