Smallest Reduction Matrix of Binary Quadratic Forms

We present a variant of the Lagrange-Gauss reduction of quadratic forms designed to minimize the norm of the reduction matrix within quadratic complexity. The matrix computed by our algorithm on the input \(f\) has norm \(O(\|f\|^{1/2}/\Delta_{f}^{1/4})\), which is the square root of the best previously known bounds using classical algorithms. This new bound allows us to fully prove the heuristic lattice-based attack against NICE Cryptosystems, which consists in factoring a particular subclass of integers of the form \(pq^{2}\). In the process, we set up a homogeneous variant of Boneh-Durfee-Howgrave-Graham's algorithm which finds small rational roots of a polynomial modulo unknown divisors. Such an algorithm can also be used to speed up factorization of \(pq^{r}\) for large \(r\).
