Implicit Factoring: On Polynomial Time Factoring Given Only an Implicit Hint

Authors:
Alexander May;Maike Ritzenhofen
Affiliations:
Horst Görtz Institute for IT-security Faculty of Mathematics, Ruhr-University of Bochum, Bochum, Germany 44780;Horst Görtz Institute for IT-security Faculty of Mathematics, Ruhr-University of Bochum, Bochum, Germany 44780
Venue:
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Year:
2009

Citing 15
Cited 2

Algorithms to construct Minkowski reduced and Hermite reduced lattice bases

Theoretical Computer Science
Efficient factoring based on partial information

Proc. of a workshop on the theory and application of cryptographic techniques on Advances in cryptology---EUROCRYPT '85
The quadratic sieve factoring algorithm

Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
Minkowski's convex body theorem and integer programming

Mathematics of Operations Research
Matrix analysis and applied linear algebra

Matrix analysis and applied linear algebra
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Complexity of Lattice Problems

Complexity of Lattice Problems
An Advantage of Low-Exponent RSA with Modulus Primes Sharing Least Significant Bits

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Closest Vectors, Successive Minima, and Dual HKZ-Bases of Lattices

ICALP '00 Proceedings of the 27th International Colloquium on Automata, Languages and Programming
The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Finding Small Solutions to Small Degree Polynomials

CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Algorithms for quantum computation: discrete logarithms and factoring

SFCS '94 Proceedings of the 35th Annual Symposium on Foundations of Computer Science
Finding a small root of a bivariate integer equation; factoring with high bits known

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Simple backdoors for RSA key generation

CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Floating-Point LLL revisited

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Factoring unbalanced moduli with known bits

ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Implicit factoring with shared most significant and middle bits

PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

We address the problem of polynomial time factoring RSA moduli N 1 = p 1 q 1 with the help of an oracle. As opposed to other approaches that require an oracle that explicitly outputs bits of p 1 , we use an oracle that gives only implicit information about p 1 . Namely, our oracle outputs a different N 2 = p 2 q 2 such that p 1 and p 2 share the t least significant bits. Surprisingly, this implicit information is already sufficient to efficiently factor N 1 , N 2 provided that t is large enough. We then generalize this approach to more than one oracle query.