Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...
Chapter 1: Introduction
Discrete Logarithm Problem (DLP). Let $G$ be a large cyclic group with generator
$g$. Then given any element $y = g^a$ in $G$, the problem of finding the
exponent $a$ is called DLP over $G$. El Gamal system [35,36] is a public key
cryptosystem based on DLP. In an elliptic curve group over a finite field,
a similar problem of ECDLP can be formulated using the additive structure
of the group. Based on the hardness of ECDLP and ECDHP (elliptic
curve Diffie-Hellman problem), the notion of Elliptic Curve Cryptography
was proposed independently by Koblitz [71] and Miller [91].
Knapsack Problem. Given a set of $n$ positive integers $\{k_i\}$ and a positive integer
$N$, the problem is to find whether it is possible to represent $N = \sum_{i=1}^{n} a_i k_i$
where each $a_i$ is either 0 or 1. This is also called the subset sum problem.
Many cryptosystems like Merkle-Hellman cryptosystem [88] were proposed
based on this subset sum problem, and most of them have been broken. One
may refer to [117,118] for an account on such attacks.
Shortest Vector Problem (SVP). The problem is to find the shortest nonzero
vector in a high dimensional lattice. This is hard in general and a
few cryptosystems like NTRU [58], Ajtai-Dwork system [4,5] are based on
this problem. It is worth noting that neither IFP nor DLP is hard under
the quantum computation model, but SVP continues to remain hard in the
quantum era.
1.4 Goal of this Thesis
The main goal of this thesis is Cryptanalysis of RSA modulus $N = pq$ and related
Factorization problems. It is still unknown whether there is an efficient (polynomial
time) algorithm to solve the ‘Integer Factorization Problem (IFP)’ in the classical
model. The best known algorithm to solve this problem is the Number Field Sieve
(NFS) [76], which has runtime greater than $\exp(\log^{1/3} N)$. However, if one obtains
certain information about the RSA parameters, there are algorithms which can
factor N quite efficiently. Our intention is to identify such weaknesses of the RSA
cryptosystem and also to look into certain versions of factorization problem (in
this thesis, the implicit factorization problem) that can be solved efficiently.
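
The simplest instance of "information about the RSA parameters makes N easy to factor" is full knowledge of the private exponent d, which is why a leaked d requires a new modulus and not just a new exponent pair. The sketch below is an added example, not taken from the thesis: it uses the textbook reduction from a known (e, d) to the factors of N, and the function name and the sample key (built from two Mersenne primes) are constructed for illustration.

```python
from math import gcd

def factor_from_private_exponent(N, e, d, max_bases=200):
    """Return (p, q), p <= q, with p*q == N, or None if (e, d) is inconsistent."""
    k = e * d - 1              # multiple of lambda(N): g^k = 1 (mod N) when gcd(g, N) = 1
    if k <= 0 or k % 2:
        return None            # lambda(N) is even, so a valid pair gives an even k
    t, s = k, 0
    while t % 2 == 0:          # write k = 2^s * t with t odd
        t //= 2
        s += 1
    for g in range(2, 2 + max_bases):
        f = gcd(g, N)
        if 1 < f < N:          # the base itself shares a factor with N
            return tuple(sorted((f, N // f)))
        x = pow(g, t, N)
        for _ in range(s):
            y = pow(x, 2, N)
            if y == 1 and x not in (1, N - 1):
                # x is a square root of 1 other than +1 or -1, so gcd(x - 1, N) splits N
                p = gcd(x - 1, N)
                return tuple(sorted((p, N // p)))
            x = y
        if x != 1:
            return None        # g^k != 1 (mod N): e*d - 1 is not a multiple of lambda(N)
    return None                # no tried base exposed a nontrivial square root of 1

# Constructed sample key (assumption, not from the thesis): two Mersenne primes.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; needs Python 3.8+

if __name__ == "__main__":
    print(factor_from_private_exponent(N, E, D))
```
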