Prime numbers and computer methods for factorization
Prime numbers and computer methods for factorization
A simple unpredictable pseudo random number generator
SIAM Journal on Computing
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Cryptography: Theory and Practice
Cryptography: Theory and Practice
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Elliptic Curve Public Key Cryptosystems
Elliptic Curve Public Key Cryptosystems
New Public-Key Schemes Based on Elliptic Curves over the Ring Zn
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Some Remarks on Lucas-Based Cryptosystems
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
ASIACRYPT '94 Proceedings of the 4th International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
A public key cryptosystem based on elliptic curves over Z/nZ equivalent to factoring
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Some considerations concerning the selection of RSA moduli
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Hi-index | 0.00 |
Given an RSA modulus n, a ciphertext c and the encryption exponent e, one can construct the sequence x0 = c mod n, xi+1 = xie mod n; i = 0, 1,... until gcd(xi+1 - x0, n) ≠ 1 or i or i B, B a given boundary. If i ≤ B, there are two cases. Case 1: gcd(xi+1 -x0, n) = n. In this case xi = m and the secret message m can be recovered. Case 2: 1 ≠ gcd(xi+1 - x0; n) ≠ n. In this case, the RSA modulus n can be factorised. If i ≤ B, then Case 2 is much more likely to occur than Case 1. This attack is called a cycling attack. We introduce some new generalised cycling attacks. These attacks work without the knowledge of e and c. Therefore, these attacks can be used as factorisation algorithms. We also translate these attacks to elliptic curves. For this case we call these attacks EC generalised cycling attacks. Finally, we review criteria that a strong RSA prime must satisfy.