A hierarchy of polynomial time lattice basis reduction algorithms
Theoretical Computer Science
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
An Attack on RSA Given a Small Fraction of the Private Key Bits
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Lattice Reduction in Cryptology: An Update
ANTS-IV Proceedings of the 4th International Symposium on Algorithmic Number Theory
Finding a small root of a univariate modular equation
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of RSA with private key d less than N0.292
IEEE Transactions on Information Theory
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Finding Small Solutions to Small Degree Polynomials
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Toward a Rigorous Variation of Coppersmith's Algorithm on Three Variables
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Fault Attacks on RSA Signatures with Partially Unknown Messages
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Factoring pq2 with Quadratic Forms: Nice Cryptanalyses
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Solving generalized small inverse problems
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Approximate polynomial GCD over integers
Journal of Symbolic Computation
Approximate GCD of several univariate polynomials with small degree perturbations
Journal of Symbolic Computation
A tool kit for finding small roots of bivariate polynomials over the integers
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
A provably secure elliptic curve scheme with fast encryption
INDOCRYPT'04 Proceedings of the 5th international conference on Cryptology in India
Fully homomorphic encryption over the integers
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Optimal bounds for multi-prime Φ-hiding assumption
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
On optimal bounds of small inverse problems and approximate GCD problems with higher degree
ISC'12 Proceedings of the 15th international conference on Information Security
Attacking RSA---CRT signatures with faults on montgomery multiplication
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Protecting data confidentiality in cloud systems
Proceedings of the Fourth Asia-Pacific Symposium on Internetware
Hi-index | 0.00 |
We show that recent results of Coppersmith, Boneh, Durfee and Howgrave-Graham actually apply in the more general setting of (partially) approximate common divisors. This leads us to consider the question of "fully" approximate common divisors, i.e. where both integers are only known by approximations. We explain the lattice techniques in both the partial and general cases. As an application of the partial approximate common divisor algorithm we show that a cryptosystem proposed by Okamoto actually leaks the private information directly from the public information in polynomial time. In contrast to the partial setting, our technique with respect to the general setting can only be considered heuristic, since we encounter the same "proof of algebraic independence" problem as a subset of the above authors have in previous papers. This problem is generally considered a (hard) problem in lattice theory, since in our case, as in previous cases, the method still works extremely reliably in practice; indeed no counter examples have been obtained. The results in both the partial and general settings are far stronger than might be supposed from a continued-fraction standpoint (the way in which the problems were attacked in the past), and the determinant calculations admit a reasonably neat analysis.