Factorization of Square-Free Integers with High Bits Known

In this paper we propose an algorithm of factoring any integer N which has k different prime factors with the same bit-length, when high-order bits of each prime factor are given. For a fixed e, the running time of our algorithm is heuristic polynomial in (logN). Our factoring algorithm is based on a new lattice-based algorithm of solving any k-variate polynomial equation over ℤ, which might be an independent interest.

[1]  Tsuyoshi Takagi,et al.  Fast RSA-Type Cryptosystem Modulo pkq , 1998, CRYPTO.

[2]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[3]  Onur Aciiçmez,et al.  Improving Brumley and Boneh timing attack on unprotected SSL implementations , 2005, CCS '05.

[4]  Johannes Blömer,et al.  New Partial Key Exposure Attacks on RSA , 2003, CRYPTO.

[5]  M. Jason Hinek,et al.  On Some Attacks on Multi-prime RSA , 2002, Selected Areas in Cryptography.

[6]  Dan Boneh,et al.  Cryptanalysis of RSA with private key d less than N0.292 , 1999, IEEE Trans. Inf. Theory.

[7]  Jean-Sébastien Coron,et al.  Finding Small Roots of Bivariate Integer Polynomial Equations Revisited , 2004, EUROCRYPT.

[8]  Nick Howgrave-Graham,et al.  Finding Small Roots of Univariate Modular Equations Revisited , 1997, IMACC.

[9]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[10]  H. W. Lenstra,et al.  Factoring integers with elliptic curves , 1987 .

[11]  Dan Boneh,et al.  Fast Variants of RSA , 2007 .

[12]  Jacques Stern,et al.  Fair Encryption of RSA Keys , 2000, EUROCRYPT.

[13]  Werner Schindler,et al.  A Timing Attack against RSA with the Chinese Remainder Theorem , 2000, CHES.

[14]  Jacques Stern,et al.  Sharing Decryption in the Context of Voting or Lotteries , 2000, Financial Cryptography.

[15]  Don Coppersmith,et al.  Finding a Small Root of a Bivariate Integer Equation; Factoring with High Bits Known , 1996, EUROCRYPT.