Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...
Chapter 1: Introduction 8

Chapter 5: In addition to the weaknesses of RSA due to weak keys, it may also be
vulnerable due to leaked information about the RSA primes. In this chapter, we
discuss the factorization of the RSA modulus N by reconstructing the primes from
randomly known bits. In Sections 5.1 and 5.2, we analyze the fact that N = pq
can be factored in reasonable time complexity when a few bits of the primes are
known from the least significant halves. In Section 5.3, we analyze the same when
a few bits are known from the most significant halves of the primes. The materials
of this chapter are based on our publication [82].

Chapter 6: At times, one may not obtain explicit bitwise information about
the primes, but have some implicit knowledge regarding those. An attempt at
RSA factorization based on this implicit knowledge is of interest as well. This
chapter deals with the analysis of a situation when one can factor RSA moduli
$N_1 = p_1 q_1, N_2 = p_2 q_2, \ldots, N_k = p_k q_k$ in polynomial time if $p_1, p_2, \ldots, p_k$ share a
few bits. This problem is called the implicit factorization problem, introduced by
May and Ritzenhofen in [86]. In Section 6.1, we present the implicit factorization
strategy for two or three large integers when they share MSBs and/or LSBs. Next,
in Section 6.2, we analyze the same problem when the primes $p_1, p_2$ share a (contiguous)
portion of bits at the middle. The materials of this chapter are based on
our publications [113,116].

Chapter 7: In this chapter, we present two generalizations, Extended Partially
Approximate Common Divisor Problem (EPACDP) and Extended General Approximate
Common Divisor Problem (EGACDP), of the ‘approximate common
divisor problem’ introduced by Howgrave-Graham [61]. We also propose two applications
of the ‘approximate common divisor problem’. In Sections 7.4 and 7.6, we
propose two methods to solve EPACDP, and in Section 7.7, we discuss the solution
of EGACDP. Most importantly, continuing from Chapter 6, we discuss the applications
of EPACDP for implicit factorization when $p_1, p_2, \ldots, p_k$ share some MSBs
and/or LSBs. The materials of this chapter are based on our publications [112,116].

Chapter 8: This chapter concludes the thesis. Here we present a comprehensive
summary of our work that has been discussed throughout the thesis. We analyze
and compare our work with the contemporary advances in the field of cryptography
and also discuss open problems which might be interesting for further investigation
along this line of research.