An attack on a signature scheme proposed by Okamoto and Shiraishi
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Reconstructing truncated integer variables satisfying linear congruences
SIAM Journal on Computing - Special issue on cryptography
How to Guess l-th Roots Modulo n by Reducing Lattice Bases
AAECC-6 Proceedings of the 6th International Conference, on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes
Computation of approximate L-th roots modulo n and application to cryptography
CRYPTO '88 Proceedings on Advances in cryptology
Flaws in Applying Proof Methodologies to Signature Schemes
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
An Efficient Digital Signature Scheme Based on an Elliptic Curve Over the Ring Zn
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Threshold Phenomena in Random Lattices and Efficient Reduction Algorithms
ESA '99 Proceedings of the 7th Annual European Symposium on Algorithms
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Why provable security matters?
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
On the optimality of lattices for the coppersmith technique
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
The security of several signature schemes and cryptosystems, essentially proposed by Okamoto, is based on the difficulty of solving polynomial equations or inequations modulo n. The encryption and the decryption of these schemes are very simple when the factorisation of the modulus, a large composite number, is known.

We show here that we can, for any odd n, solve, in polynomial probabilistic time, quadratic equations modulo n, even if the factorisation of n is hidden, provided we are given a sufficiently good approximation of the solutions. We thus deduce how to break Okamoto's second degree cryptosystem and we extend, in this way, Brickell's and Shamir's previous attacks.

Our main tool is lattices that we use after a linearisation of the problem, and the success of our method depends on the geometrical regularity of a particular kind of lattices.

Our paper is organized as follows: First we recall the problems already posed, their partial solutions and describe how our results solve extensions of these problems. We then introduce our main tool, lattices and show how their geometrical properties fit in our subject. Finally, we deduce our results. These methods can be generalized to higher dimensions.