How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves

Authors:
Marc Joye;Jean-Jacques Quisquater;Tsuyoshi Takagi
Affiliations:
Laboratory of Cryptography and Information Security, Dept of Electrical Engineering, Tamkang University, Tamsui, Taipei Hsien 25137, Taiwan, R.O.C. joye@ee.tku.edu.tw;UCL Crypto Group & Laboratoire de Microélectronique, Dép. d‚Électricité, Université de Louvain, Place du Levant 3, B-1348 Louvain-la-Neuve, Belgium jjq@dice.ucl ...;NTT Software Laboratories, 3-9-11, Midori-cho Musashino-shi, Tokyo 180-8585, Japan ttakagi@slab.ntt.co.jp
Venue:
Designs, Codes and Cryptography
Year:
2001

Citing 10
Cited 0

Strong primes are easy to find

Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
Use of elliptic curves in cryptography

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Fast generation of secure RSA-moduli with almost maximal diversity

EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Prime numbers and computer methods for factorization (2nd ed.)

Prime numbers and computer methods for factorization (2nd ed.)
A new elliptic curve based analogue of RSA

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Elliptic Curve Public Key Cryptosystems

Elliptic Curve Public Key Cryptosystems
New Public-Key Schemes Based on Elliptic Curves over the Ring Zn

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
On Using Carmichael Numbers for Public Key Encryption Systems

Proceedings of the 6th IMA International Conference on Cryptography and Coding

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length of the RSA-modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found.