dissertacao.pdf
dissertacao.pdf
dissertacao.pdf
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
avoided. It should be noted that, on their work, Boneh and Durfee claim their<br />
conviction that the small inverse problem can solved even for δ < 0.5.<br />
Blomer and May[3], based on the Boneh-Durfee attack, presented a new<br />
heuristic attack for solving the small inverse problem for δ < 0.290. Though<br />
they do not improve the previous existing bound, their attack is simpler to<br />
analyse.<br />
Their main result, again dependant on Conjecture 1, is presented now. This<br />
is the general result, where the encryption exponent e is not assumed to be of<br />
the same magnitude of N, that is, α = 1.<br />
Theorem 30. For every ɛ > 0, there exists an N0 such that for every N > N0<br />
the following holds: Let N = pq be an RSA modulus and p, q balanced primes,<br />
e = N α the encryption exponent and d = N δ its corresponding decryption<br />
exponent defined modulo φ(N) such that<br />
δ < 2<br />
5<br />
− 3<br />
5<br />
1<br />
α + 4α2 − 2α + 4 − ɛ.<br />
5<br />
Then N can be factored in time polynomial in log(N), provided that Conjecture<br />
1 holds.<br />
We can see that setting α = 1 yields the bound δ < 0.29.<br />
50