Finding a small root of a bivariate integer equation; factoring with high bits known

Authors:
Don Coppersmith
Affiliations:
IBM Research, T.J. Watson Research Center, Yorktown Heights, NY
Venue:
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Year:
1996

Citing 3
Cited 54

Efficient factoring based on partial information

Proc. of a workshop on the theory and application of cryptographic techniques on Advances in cryptology---EUROCRYPT '85
How to Guess l-th Roots Modulo n by Reducing Lattice Bases

AAECC-6 Proceedings of the 6th International Conference, on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes
Finding a small root of a univariate modular equation

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques

Lattice Attacks on Digital Signature Schemes

Designs, Codes and Cryptography
Verifiable Partial Escrow of Integer Factors

Designs, Codes and Cryptography
A distributed key generation technique for public key infrastructures

Netnomics
Verifiable Partial Sharing of Integer Fractions

SAC '98 Proceedings of the Selected Areas in Cryptography
Generating RSA Moduli with a Predetermined Portion

ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
A Group Signature Scheme with Improved Efficiency

ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Key-Privacy in Public-Key Encryption

ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The Effectiveness of Lattice Attacks Against Low-Exponent RSA

PKC '99 Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography
Finding Small Solutions to Small Degree Polynomials

CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
A Practical and Provably Secure Coalition-Resistant Group Signature Scheme

CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Searching Worst Cases of a One-Variable Function Using Lattice Reduction

IEEE Transactions on Computers
Password authenticated key exchange using hidden smooth subgroups

Proceedings of the 12th ACM conference on Computer and communications security
Digital hyperplane recognition in arbitrary fixed dimension within an algebraic computation model

Image and Vision Computing
Inferring sequences produced by a linear congruential generator on elliptic curves missing high-order bits

Designs, Codes and Cryptography
Toward a Rigorous Variation of Coppersmith's Algorithm on Three Variables

EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
A Timing-Resistant Elliptic Curve Backdoor in RSA

Information Security and Cryptology
Algebraic Cryptanalysis of CTRU Cryptosystem

COCOON '08 Proceedings of the 14th annual international conference on Computing and Combinatorics
On the Improvement of the BDF Attack on LSBS-RSA

ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Cryptanalysis of Short Exponent RSA with Primes Sharing Least Significant Bits

CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Factorization of Square-Free Integers with High Bits Known

IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Implicit Factoring: On Polynomial Time Factoring Given Only an Implicit Hint

Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Attacking Power Generators Using Unravelled Linearization: When Do We Output Too Much?

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Computationally private information retrieval with polylogarithmic communication

EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
An elliptic curve backdoor algorithm for RSASSA

IH'06 Proceedings of the 8th international conference on Information hiding
Finding small roots of bivariate integer polynomial equations: a direct approach

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Space-efficient kleptography without random oracles

IH'07 Proceedings of the 9th international conference on Information hiding
Kleptography from standard assumptions and applications

SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Speeding up bipartite modular multiplication

WAIFI'10 Proceedings of the Third international conference on Arithmetic of finite fields
Solving generalized small inverse problems

ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Cryptanalysis of a type of CRT-based RSA algorithms

Journal of Computer Science and Technology
Improved cryptanalysis of the multi-prime φ-hiding assumption

AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Factorization of square-free integers with high bits known

VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Twin RSA

Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Single-database private information retrieval with constant communication rate

ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
RSA with balanced short exponents and its application to entity authentication

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
A tool kit for finding small roots of bivariate polynomials over the integers

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Maximizing small root bounds by linearization and applications to small secret exponent RSA

PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Implicit factoring with shared most significant and middle bits

PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Multi-query computationally-private information retrieval with constant communication rate

PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Flexible exponentiation with resistance to side channel attacks

ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
A space efficient backdoor in RSA and its applications

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Simplified high-speed high-distance list decoding for alternant codes

PQCrypto'11 Proceedings of the 4th international conference on Post-Quantum Cryptography
The leakage-resilience limit of a computational problem is equal to its unpredictability entropy

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
A unified framework for small secret exponent attack on RSA

SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Partial key exposure on RSA with private exponents larger than N

ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Inferring sequences produced by nonlinear pseudorandom number generators using coppersmith's methods

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Optimal bounds for multi-prime Φ-hiding assumption

ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Small private-exponent attack on RSA with primes sharing bits

ISC'07 Proceedings of the 10th international conference on Information Security
Improvement of trace-driven I-Cache timing attack on the RSA algorithm

Journal of Systems and Software
On optimal bounds of small inverse problems and approximate GCD problems with higher degree

ISC'12 Proceedings of the 15th international conference on Information Security
On the improvement of fermat factorization

NSS'12 Proceedings of the 6th international conference on Network and System Security
On the improvement of Fermat factorization using a continued fraction technique

Future Generation Computer Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a method to solve integer polynomial equations in two variables, provided that the solution is suitably bounded. As an application, we show how to find the factors of N = PQ if we are given the high order ((1/4) log2 N) bits of P. This compares with Rivest and Shamit's requirement of ((1/3) log2 N) bits.