Algorithms to construct Minkowski reduced and Hermite reduced lattice bases
Theoretical Computer Science
Efficient factoring based on partial information
Proc. of a workshop on the theory and application of cryptographic techniques on Advances in cryptology---EUROCRYPT '85
The quadratic sieve factoring algorithm
Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
Minkowski's convex body theorem and integer programming
Mathematics of Operations Research
Matrix analysis and applied linear algebra
Matrix analysis and applied linear algebra
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Complexity of Lattice Problems
Complexity of Lattice Problems
An Advantage of Low-Exponent RSA with Modulus Primes Sharing Least Significant Bits
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Closest Vectors, Successive Minima, and Dual HKZ-Bases of Lattices
ICALP '00 Proceedings of the 27th International Colloquium on Automata, Languages and Programming
The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Finding Small Solutions to Small Degree Polynomials
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Algorithms for quantum computation: discrete logarithms and factoring
SFCS '94 Proceedings of the 35th Annual Symposium on Foundations of Computer Science
Finding a small root of a bivariate integer equation; factoring with high bits known
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Simple backdoors for RSA key generation
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Factoring unbalanced moduli with known bits
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Implicit factoring with shared most significant and middle bits
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Hi-index | 0.00 |
We address the problem of polynomial time factoring RSA moduli N 1 = p 1 q 1 with the help of an oracle. As opposed to other approaches that require an oracle that explicitly outputs bits of p 1 , we use an oracle that gives only implicit information about p 1 . Namely, our oracle outputs a different N 2 = p 2 q 2 such that p 1 and p 2 share the t least significant bits. Surprisingly, this implicit information is already sufficient to efficiently factor N 1 , N 2 provided that t is large enough. We then generalize this approach to more than one oracle query.