Public Key Cryptography – PKC 2004

We present an extension of Wiener’s attack on small RSA secret decryption exponents [10]. Wiener showed that every RSA public key tuple $(N, e)$ with $e \in \mathbb{Z}_{\varphi(N)}$ that satisfies $ed - 1 = 0 \bmod \varphi(N)$ for some $d < \frac{1}{3} N^{1/4}$ yields the factorization of $N = pq$. Our new method finds $p$ and $q$ in polynomial time for every $(N, e)$ satisfying $ex + y = 0 \bmod \varphi(N)$ with
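Wiener's bound from the abstract above can be checked against a key during an audit. The following is an added example, not code from the paper: it expands e/N as a continued fraction and reports whether the private exponent is recoverable that way. The function names and the toy key values (N = 90581 with e = 17993 or e = 65537) are constructed for illustration.

```python
from math import isqrt

def convergents(num, den):
    """Yield the continued-fraction convergents (k, d) of num/den."""
    n0, n1, d0, d1 = 0, 1, 1, 0
    while den:
        a, r = divmod(num, den)
        n0, n1 = n1, a * n1 + n0
        d0, d1 = d1, a * d1 + d0
        yield n1, d1
        num, den = den, r

def within_wiener_bound(N, d):
    """Integer form of d < (1/3) * N^(1/4), i.e. 81 * d^4 < N."""
    return 81 * d**4 < N

def wiener_audit(N, e):
    """Return (d, p, q) if a convergent k/d of e/N reveals phi(N), else None."""
    for k, d in convergents(e, N):
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k      # candidate phi(N) from ed - 1 = k * phi(N)
        s = N - phi + 1             # candidate p + q
        disc = s * s - 4 * N        # equals (p - q)^2 when the candidate is right
        if disc < 0:
            continue
        t = isqrt(disc)
        if t * t == disc and (s + t) % 2 == 0:
            p, q = (s + t) // 2, (s - t) // 2
            if q > 1 and p * q == N:
                return d, p, q
    return None

if __name__ == "__main__":
    # Constructed toy keys sharing the modulus N = 379 * 239.
    N = 90581
    for e in (17993, 65537):
        hit = wiener_audit(N, e)
        if hit:
            d = hit[0]
            print(f"e={e}: WEAK, d={d}, inside bound: {within_wiener_bound(N, d)}")
        else:
            print(f"e={e}: not recoverable by continued fractions")
```

A `None` result only rules out Wiener's original method; it says nothing about the wider class of keys the abstract's extension covers.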

[1]  J. Bourgain, et al. Estimates for the number of sums and products and for exponential sums over subgroups in fields of prime order, 2003.

[2]  Ronald Cramer, et al. Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption, 2001, EUROCRYPT.

[3]  Claus-Peter Schnorr, et al. Stronger Security Proofs for RSA and Rabin Bits, 1997, EUROCRYPT.

[4]  L. Lovász, et al. Geometric Algorithms and Combinatorial Optimization, 1981.

[5]  Igor E. Shparlinski, et al. On the Bit Security of NTRUEncrypt, 2003, Public Key Cryptography.

[6]  Igor E. Shparlinski, et al. The Hidden Number Problem in Extension Fields and Its Applications, 2002, LATIN.

[7]  Igor E. Shparlinski, et al. Hidden number problem with hidden multipliers, timed-release crypto, and noisy exponentiation, 2003, Math. Comput.

[8]  Mats Näslund, et al. A Survey of Hard Core Functions, 2001.

[9]  Igor E. Shparlinski, et al. The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces, 2003, Des. Codes Cryptogr.

[10]  Gustav Hast. Nearly One-Sided Tests and the Goldreich-Levin Predicate, 2003, EUROCRYPT.

[11]  Jacques Stern, et al. The Two Faces of Lattices in Cryptology, 2001, CaLC.

[12]  Igor E. Shparlinski, et al. On the Security of Diffie-Hellman Bits, 2000, Electron. Colloquium Comput. Complex.

[13]  Igor E. Shparlinski, et al. The Insecurity of the Digital Signature Algorithm with Partially Known Nonces, 2002, Journal of Cryptology.

[14]  I. Shparlinski, et al. Character Sums with Exponential Functions and their Applications: Introduction, 1999.

[15]  Igor E. Shparlinski, et al. Hidden Number Problem with the Trace and Bit Security of XTR and LUC, 2002, CRYPTO.

[16]  Dan Boneh, et al. Rounding in lattices and its cryptographic applications, 1997, SODA '97.

[17]  Mihir Bellare, et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[18]  Umesh V. Vazirani, et al. An Introduction to Computational Learning Theory, 1994.

[19]  D. H. Brown, et al. New bounds for Gauss sums derived from kth powers, 2000.

[20]  Igor E. Shparlinski, et al. Security of the most significant bits of the Shamir message passing scheme, 2000, Math. Comput.

[21]  Dan Boneh, et al. Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes, 1996, CRYPTO.

[22]  A. Shamir. Security of Almost ALL Discrete Log Bits, 1998.

[23]  Igor E. Shparlinski, et al. Security of most significant bits of $g^{x^2}$, 2002, Inf. Process. Lett.

[24]  Ravi Kumar, et al. A sieve algorithm for the shortest lattice vector problem, 2001, STOC '01.

[25]  Igor E. Shparlinski, et al. The Insecurity of Nyberg-Rueppel and Other DSA-Like Signature Schemes with Partially Known Nonces, 2001, CaLC.

[26]  Manuel Blum, et al. How to generate cryptographically strong sequences of pseudo random bits, 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[27]  Igor E. Shparlinski, et al. On the Unpredictability of Bits of the Elliptic Curve Diffie-Hellman Scheme, 2001, CRYPTO.

[28]  R. Kannan. Algorithmic Geometry of Numbers, 1987.

[29]  Jacques Stern, et al. Lattice Reduction in Cryptology: An Update, 2000, ANTS.

[30]  Mihir Bellare, et al. Relations among Notions of Security for Public-Key Encryption Schemes, 1998, IACR Cryptol. ePrint Arch.

[31]  Leonid A. Levin, et al. A hard-core predicate for all one-way functions, 1989, STOC '89.