We present a new algorithm based on binary quadratic forms to factor integers of the form $N = pq^2$. Its heuristic running time is exponential in the general case, but becomes polynomial when special (arithmetic) hints are available, which is exactly the case for the so-called NICE family of public-key cryptosystems based on quadratic fields introduced in the late 90s. Such cryptosystems come in two flavours, depending on whether the quadratic field is imaginary or real. Our factoring algorithm yields a general key-recovery polynomial-time attack on NICE, which works for both versions: Castagnos and Laguillaumie recently obtained a total break of imaginary-NICE, but their attack could not apply to real-NICE. Our algorithm is rather different from classical factoring algorithms: it combines Lagrange's reduction of quadratic forms with a provable variant of Coppersmith's lattice-based root finding algorithm for homogeneous polynomials. It is very efficient given either of the following arithmetic hints: the public key of imaginary-NICE, which provides an alternative to the CL attack; or the knowledge that the regulator of the quadratic field $\mathbb{Q}(\sqrt{p})$ is unusually small, just like in real-NICE.