Efficient factoring based on partial information
Proc. of a workshop on the theory and application of cryptographic techniques on Advances in cryptology---EUROCRYPT '85
Solving simultaneous modular equations of low degree
SIAM Journal on Computing - Special issue on cryptography
Improved low-density subset sum algorithms
Computational Complexity
The shortest vector problem in L2 is NP-hard for randomized reductions (extended abstract)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Computation of Approximate L-th Roots Modulo n and Application to Cryptography
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Finding Small Roots of Univariate Modular Equations Revisited
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Approximate Integer Common Divisors
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Deterministic Polynomial-Time Equivalence of Computing the RSA Secret Key and Factoring
Journal of Cryptology
Finding a small root of a univariate modular equation
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Finding a small root of a bivariate integer equation; factoring with high bits known
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Selective forgery of RSA signatures using redundancy
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Finding small roots of bivariate integer polynomial equations: a direct approach
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
New attacks on RSA with small secret CRT-Exponents
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Cryptanalysis of RSA with private key d less than N0.292
IEEE Transactions on Information Theory
Fault Attacks on RSA Signatures with Partially Unknown Messages
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Instantiability of RSA-OAEP under chosen-plaintext attack
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Factoring unbalanced moduli with known bits
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Improved cryptanalysis of the multi-prime φ-hiding assumption
AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Cryptanalysis of a quadratic compact knapsack public-key cryptosystem
Computers & Mathematics with Applications
Factoring RSA modulus using prime reconstruction from random known bits
AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
Fault attacks against EMV signatures
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Partial key exposure: generalized framework to attack RSA
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
A new attack on RSA and CRT-RSA
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Optimal bounds for multi-prime Φ-hiding assumption
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Reduction in lossiness of RSA trapdoor permutation
SPACE'12 Proceedings of the Second international conference on Security, Privacy, and Applied Cryptography Engineering
A coding-theoretic approach to recovering noisy RSA keys
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
We study the problem of finding solutions to linear equations modulo an unknown divisor p of a known composite integer N . An important application of this problem is factorization of N with given bits of p . It is well-known that this problem is polynomial-time solvable if at most half of the bits of p are unknown and if the unknown bits are located in one consecutive block. We introduce an heuristic algorithm that extends factoring with known bits to an arbitrary number n of blocks. Surprisingly, we are able to show that ln (2) ≈ 70% of the bits are sufficient for any n in order to find the factorization. The algorithm's running time is however exponential in the parameter n . Thus, our algorithm is polynomial time only for $n = {\mathcal O}(\log\log N)$ blocks.