Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...

More documents

Recommendations

Info

131 7.4 The General Solution for EPACDP Upper bound of β → 0.8 0.6 0.4 0.2 case(i) case(ii) case(iii) 0 0.1 0.15 0.2 0.25 0.3 0.35 0.4 0.45 0.5 α → Figure 7.1: Comparison of theoretical results. Case (i): our result that works for both MSBs and LSBs. Case (ii): result of [86] for LSBs and that of [40] for MSBs. Case (iii): result of Chapter 6 for both MSBs and LSBs. 7.4.2 Analysis for k = 3 We now explain the case for k = 3 in detail. Theorem 7.11. Let N 1 = p 1 q 1 ,N 2 = p 2 q 2 and N 3 = p 3 q 3 , where p 1 ,p 2 ,p 3 , and q 1 ,q 2 ,q 3 are primes. Let N,N 1 ,N 2 ,N 3 be of same bitsize and q 1 ,q 2 ,q 3 ≈ N α , |p 1 −p 2 | < N β , |p 1 −p 3 | < N β . Then, under Assumption 1, one can factor N 1 ,N 2 and N 3 in poly(logN) time when provided that 2α+β ≤ 1. β < (1−α) 3 2 −α, Proof. Let x 0 = p 2 − p 1 and y 0 = p 3 − p 1 . We have N 1 = p 1 q 1 ,N 2 = p 2 q 2 = (x 0 + p 1 )q 2 ,N 3 = (y 0 + p 1 )q 3 . Our goal is to recover x 0 q 2 ,y 0 q 3 from N 1 ,N 2 and N 3 . Let X = N α+β . Clearly X is an upper bound of x 0 q 2 ,y 0 q 3 . Also we have p 1 ≈ N 1−α . When k = 3 then P 1 = X m3 3 +o(m3) N m3 6 +o(m3 ) 1 . Let t = τm. To have a manageable formula for P 2 , we need to assume t ≤ m+1.
Chapter 7: Approximate Integer Common Divisor Problem 132 Then P 2 = X m3 τ 2 +m 3 τ+ m3 τ 3 +o(m 3) 3 , and ω = m2 2 +m2 τ + m2 τ 2 +o(m 2 ). 2 Neglecting the o(m 3 ) terms, the required condition det(L) 0. (7.19) To maximize β for a fixed α, the optimal value of τ is 1−2α−β . Putting this optimal α+β valueofτ in(7.19), wegettherequiredconditionas−α 3 +2α 2 −2αβ−β 2 −3α+1 > 0, i.e., β < √ 1−3α+3α 2 −α 3 −α. As τ ≥ 0, we also need the constraint 2α+β ≤ 1. Then under Assumption 1 (as the polynomials are of two variables), we can collect the roots successfully. In Theorem 6.9 of Chapter 6, it has been explained that factorization of N 1 ,N 2 ,N 3 will be successful when β < 0.8 − 2α. In our case, the upper bound of β is √ 1−3α+3α 2 −α 3 −α. Now, 0.8−2α < √ 1−3α+3α 2 −α 3 −α when α < 0.55. Hence, our upper bound on β will be greater than that of Theorem 6.9. 7.5 Sublattice and Generalized Bound In this section, we study a sublattice L ′ of the lattice L explained in the previous section. This helps in two ways as follows. • The dimension of the sublattice L ′ is less than that of L and this helps in actual experiments. • The theoretical analysis helps us to get a generalized bound for β.
Page 1:
some results on Cryptanalysis of RS
Page 5 and 6:
Abstract In this thesis, we propose
Page 7 and 8:
Acknowledgements There are many peo
Page 9:
To Thaakuma (Grandmother), the firs
Page 12 and 13:
2.3.7 Small Decryption Exponent Att
Page 14 and 15:
7.4 The General Solution for EPACDP
Page 17 and 18:
List of Figures 1.1 Communication o
Page 19 and 20:
Chapter 1: Introduction 2 The motiv
Page 21 and 22:
Chapter 1: Introduction 4 there is
Page 23 and 24:
Chapter 1: Introduction 6 Discrete
Page 25 and 26:
Chapter 1: Introduction 8 Chapter 5
Page 28 and 29:
Chapter 2 Mathematical Preliminarie
Page 30 and 31:
13 2.2 RSA Cryptosystem are impleme
Page 32 and 33:
15 2.2 RSA Cryptosystem • private
Page 34 and 35:
17 2.2 RSA Cryptosystem istic prima
Page 36 and 37:
19 2.2 RSA Cryptosystem Afterfindin
Page 38 and 39:
21 2.2 RSA Cryptosystem integer x <
Page 40 and 41:
23 2.3 Cryptanalysis of RSA to be h
Page 42 and 43:
25 2.3 Cryptanalysis of RSA The att
Page 44 and 45:
27 2.4 Lattice and LLL Algorithm No
Page 46 and 47:
29 2.4 Lattice and LLL Algorithm Wh
Page 48 and 49:
31 2.5 Solving Modular Polynomials
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
39 2.6 Solving Integer Polynomials
Page 58 and 59:
41 2.6 Solving Integer Polynomials
Page 60 and 61:
43 2.7 Analysis of the Root Finding
Page 62:
45 2.9 Conclusion 2.9 Conclusion No
Page 65 and 66:
Chapter 3: A class of Weak Encrypti
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Chapter 4: Cryptanalysis of RSA wit
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 92 and 93:
Chapter 5 Reconstruction of Primes
Page 94 and 95:
77 5.1 LSB Case: Combinatorial Anal
Page 96 and 97:
79 5.1 LSB Case: Combinatorial Anal
Page 98 and 99: 81 5.1 LSB Case: Combinatorial Anal
Page 100 and 101: 83 5.1 LSB Case: Combinatorial Anal
Page 102 and 103: 85 5.2 LSB Case: Lattice Based Tech
Page 104 and 105: 87 5.3 MSB Case: Our Method and its
Page 112 and 113: Chapter 6 Implicit Factorization In
Page 114 and 115: 97 6.1 Implicit Factoring of Two La
Page 116 and 117: 99 6.1 Implicit Factoring of Two La
Page 118 and 119: 101 6.1 Implicit Factoring of Two L
Page 124 and 125: 107 6.2 Two Primes with Shared Cont
Page 126 and 127: 109 6.2 Two Primes with Shared Cont
Page 128 and 129: 111 6.3 Exposing a Few MSBs of One
Page 130 and 131: 113 6.3 Exposing a Few MSBs of One
Page 132 and 133: Chapter 7 Approximate Integer Commo
Page 134 and 135: 117 7.1 Finding q −1 mod p ≡ Fa
Page 136 and 137: 119 7.2 Finding Smooth Integers in
Page 138 and 139: 121 7.3 Extension of Approximate Co
Page 140 and 141: 123 7.4 The General Solution for EP
Page 150 and 151: 133 7.5 Sublattice and Generalized
Page 156 and 157: 139 7.6 Improved Results for Larger
Page 158 and 159: 141 7.6 Improved Results for Larger
Page 160 and 161: 143 7.7 EGACDP The approach in this
Page 162 and 163: 145 7.7 EGACDP Sinceinthiscasethema
Page 164: 147 7.8 Conclusion poly{loga,k}. Th
Page 167 and 168: Chapter 8: Conclusion 150 Chapter 3
Page 169 and 170: Chapter 8: Conclusion 152 p 1 ,p 2
Page 171 and 172: Chapter 8: Conclusion 154 represent
Page 173 and 174: Chapter 8: Conclusion 156 Final Wor
Page 175 and 176: BIBLIOGRAPHY 158 [9] J. Blömer and
Page 177 and 178: BIBLIOGRAPHY 160 [31] B. de Weger.
Page 179 and 180: BIBLIOGRAPHY 162 [54] M.J.Hinek. Cr
Page 181 and 182: BIBLIOGRAPHY 164 [76] A. K. Lenstra
Page 183 and 184: BIBLIOGRAPHY 166 [97] A. Nitaj. Cry
Page 185: BIBLIOGRAPHY 168 [121] C. L. Siegel
show all

Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...

Create successful ePaper yourself

Delete template?

Save as template?