Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...
6.2 Two Primes with Shared Contiguous Portion of Bits at the Middle
It follows from the above definitions that

$$
x^{i_1} y^{i_2} z^{i_3+j_1} v^{i_4+j_2} \in S \iff
\begin{cases}
i_4 = 0,\ldots,m, \\
i_3 = 0,\ldots,m-i_4, \\
i_2 = i_3+i_4,\ldots,m, \\
i_1 = 0,\ldots,m-i_2+i_3+i_4, \\
j_1 = 0,\ldots,t_1, \\
j_2 = 0,\ldots,t_2
\end{cases}
$$

and

$$
x^{i_1} y^{i_2} z^{i_3+j_1} v^{i_4+j_2} \in M \iff
\begin{cases}
i_4 = 0,\ldots,m+1, \\
i_3 = 0,\ldots,m+1-i_4, \\
i_2 = i_3+i_4,\ldots,m+1, \\
i_1 = 0,\ldots,m+1-i_2+i_3+i_4, \\
j_1 = 0,\ldots,t_1, \\
j_2 = 0,\ldots,t_2
\end{cases}
$$
From Section 2.6.2, we know that these polynomials can be found by lattice reduction if

$$
X^{s_1} Y^{s_2} Z^{s_3} V^{s_4} < W^{s}, \tag{6.7}
$$

where $s = |S|$, $s_j = \sum_{x^{i_1} y^{i_2} z^{i_3} v^{i_4} \in M \setminus S} i_j$ for $j = 1,\ldots,4$, and

$$
W = \|f(xX, yY, zZ)\|_\infty \ge \max\{N_1 X, N_2 Y\} = N^{1+\gamma}.
$$
One can easily check the following.

$$
\begin{aligned}
s_1 &= \tfrac{3}{2} t_1 t_2 m^2 + t_1 m^3 + t_2 m^3 + \tfrac{1}{4} m^4 + o(m^4), \\
s_2 &= \tfrac{3}{2} t_1 t_2 m^2 + \tfrac{4}{3} t_1 m^3 + \tfrac{4}{3} t_2 m^3 + \tfrac{11}{24} m^4 + o(m^4), \\
s_3 &= t_1^2 t_2 m + \tfrac{3}{2} t_1 t_2 m^2 + \tfrac{3}{4} t_1^2 m^2 + \tfrac{2}{3} t_1 m^3 + \tfrac{2}{3} t_2 m^3 + \tfrac{1}{6} m^4 + o(m^4), \\
s_4 &= t_1 t_2^2 m + \tfrac{3}{2} t_1 t_2 m^2 + \tfrac{3}{4} t_2^2 m^2 + \tfrac{2}{3} t_1 m^3 + \tfrac{2}{3} t_2 m^3 + \tfrac{1}{6} m^4 + o(m^4), \\
s &= t_1 t_2 m^2 + \tfrac{1}{2} t_1 m^3 + \tfrac{1}{2} t_2 m^3 + \tfrac{1}{8} m^4 + o(m^4).
\end{aligned}
$$
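The counts stated above can be checked by brute force. The following Python sketch is an added example, not code from the thesis; all function names are assumptions. It enumerates S and M directly from the index ranges in the definitions, computes s and s_1, ..., s_4 exactly, and compares them with the stated polynomials with the o(m^4) terms dropped.

```python
from fractions import Fraction as F
from itertools import product

def monomials(m, t1, t2):
    """Exponent tuples (x, y, z, v) of the set defined with bound m."""
    out = set()  # a set, because different (i3, j1) pairs can give the same monomial
    for i4 in range(m + 1):
        for i3 in range(m - i4 + 1):
            for i2 in range(i3 + i4, m + 1):
                for i1 in range(m - i2 + i3 + i4 + 1):
                    for j1, j2 in product(range(t1 + 1), range(t2 + 1)):
                        out.add((i1, i2, i3 + j1, i4 + j2))
    return out

def exact_counts(m, t1, t2):
    """Return (s, (s1, s2, s3, s4)) by direct enumeration of S and M."""
    S, M = monomials(m, t1, t2), monomials(m + 1, t1, t2)
    if not S <= M:
        raise ValueError("S must be a subset of M")
    extra = M - S  # s_j sums the j-th exponent over M \ S
    return len(S), tuple(sum(e[k] for e in extra) for k in range(4))

def leading_terms(m, t1, t2):
    """The polynomials stated in the text with the o(m^4) terms dropped."""
    a, b, q = t1 * t2 * m**2, (t1 + t2) * m**3, m**4
    s1 = F(3, 2) * a + b + F(1, 4) * q
    s2 = F(3, 2) * a + F(4, 3) * b + F(11, 24) * q
    s3 = t1**2 * t2 * m + F(3, 2) * a + F(3, 4) * t1**2 * m**2 + F(2, 3) * b + F(1, 6) * q
    s4 = t1 * t2**2 * m + F(3, 2) * a + F(3, 4) * t2**2 * m**2 + F(2, 3) * b + F(1, 6) * q
    s = a + F(1, 2) * b + F(1, 8) * q
    return s, (s1, s2, s3, s4)

def ratios(m, t1, t2):
    """exact / leading-term for s, s1..s4; per the text these approach 1 as m grows."""
    s, sj = exact_counts(m, t1, t2)
    ls, lsj = leading_terms(m, t1, t2)
    return [float(s / ls)] + [float(e / l) for e, l in zip(sj, lsj)]

if __name__ == "__main__":
    # t1 = t2 = m/2 (tau_1 = tau_2 = 1/2) is a constructed choice for illustration
    for m in (4, 8, 12):
        print(m, [round(r, 3) for r in ratios(m, m // 2, m // 2)])
```

For small m the lower-order terms dominate, so the ratios are far from 1 and only drift toward it as m increases.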
For a given integer $m$, let $t_1 = \tau_1 m$ and $t_2 = \tau_2 m$. Then substituting the values of $X, Y, Z, V$ and lower bound of $W$ in (6.7) and neglecting the lower order terms of $s_j$ we get the required condition.