Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...

More documents

Recommendations

Info

Abstract In this thesis, we propose some new results in Cryptanalysis of RSA and related Factorization problems. Till date, the best known algorithm to solve the Integer Factorization problem is the Number Field Sieve, which has a runtime greater than exp(log 1/3 N) for factoring an integer N. However, if one obtains certain information about the RSA parameters, there are algorithms which can factor the RSA modulus N = pq quite efficiently. The intention of this thesis is to identify such weaknesses of the RSA cryptosystem and its variants. Further we study results related to factorization. In Africacrypt 2008, Nitaj presented a class of weak keys in RSA considering certain properties of the encryption exponent e. We show that this result can be generalized from different aspects. We consider the cases when e satisfies an equation of the form eX−ψY = 1 under some specific constraints on two integers X,Y and a function ψ. Using the idea of Boneh and Durfee (Eurocrypt 1999, IEEE-IT 2000), we show that the LLL algorithm can be efficiently applied to get ψ in cases where Y satisfies certain bounds. This idea extends the class of weak keys presented by Nitaj when ψ is of the form (p−u)(q −v) for RSA primes p,q and integers u,v. Further, we consider the form ψ = N −pu−v for integers u,v to present a new class of weak keys in RSA. This idea does not require any kind of factorization as used in Nitaj’s work. Next, we analyze the security of RSA where multiple encryption are available for the same modulus N. We show that if n many corresponding decryption exponents (d 1 ,...,d n ) are generated, then RSA is insecure when d i < N 3n−1 4n+4 , for all i, 1 ≤ i ≤ n and n ≥ 2. Our result improves the bound of Howgrave-Graham and Seifert (CQRE 1999). We also discuss the factorization of N by reconstructing the primes from randomly known bits. We revisit the work of Heninger and Shacham (Crypto 2009) and provide a combinatorial model for the reconstruction where some random bits of the primes are known. This shows how one can factorize N given the knowledge of random bits in the least significant halves of the primes. We also explain a lattice based strategy in this direction. More importantly, we study how N can be factored given the knowledge of some blocks of bits in the most significant halves of the primes. We present improved theoretical result and experimental evidences in this direction. i
Page 1: some results on Cryptanalysis of RS
Page 6 and 7: In PKC 2009, May and Ritzenhofen pr
Page 8 and 9: and support they provided throughou
Page 11 and 12: Contents 1 Introduction 1 1.1 Encry
Page 13 and 14: 5 Reconstruction of Primes given fe
Page 15: List of Tables 3.1 The numerical up
Page 18 and 19: Chapter 1 Introduction The word ‘
Page 20 and 21: 3 1.2 Symmetric Key Cryptography en
Page 22 and 23: 5 1.3 Asymmetric Key Cryptography t
Page 24 and 25: 7 1.5 Organization of the Thesis 1.
Page 26: 9 1.6 Prerequisites 1.6 Prerequisit
Page 29 and 30: Chapter 2: Mathematical Preliminari
Page 55 and 56:
Chapter 2: Mathematical Preliminari
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 64 and 65:
Chapter 3 A class of Weak Encryptio
Page 66 and 67:
49 3.1 Our Basic Technique Lemma 3.
Page 68 and 69:
51 3.1 Our Basic Technique • For
Page 70 and 71:
53 3.2 Improvements over Existing W
Page 72 and 73:
55 3.3 A New Class of Weak Keys 945
Page 74 and 75:
57 3.3 A New Class of Weak Keys 897
Page 76 and 77:
59 3.3 A New Class of Weak Keys thi
Page 78 and 79:
61 3.3 A New Class of Weak Keys to
Page 80 and 81:
Chapter 4 Cryptanalysis of RSA with
Page 82 and 83:
65 4.1 Theoretical Result Hence the
Page 84 and 85:
67 4.1 Theoretical Result s,s 1 ,s
Page 86 and 87:
69 4.1 Theoretical Result We want t
Page 88 and 89:
71 4.1 Theoretical Result Calculati
Page 90:
73 4.3 Conclusion share the integer
Page 93 and 94:
Chapter 5: Reconstruction of Primes
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Chapter 6: Implicit Factorization 9
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Chapter 7: Approximate Integer Comm
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 166 and 167:
Chapter 8 Conclusion In this chapte
Page 168 and 169:
151 8.1 Summary of Technical Result
Page 170 and 171:
153 8.2 Overview of Root Finding Te
Page 172 and 173:
155 8.3 Open Problems Problem 8.3.
Page 174 and 175:
Bibliography [1] Advanced Encryptio
Page 176 and 177:
159 BIBLIOGRAPHY [20] Y.-G. Chen an
Page 178 and 179:
161 BIBLIOGRAPHY [42] M. K. Frankli
Page 180 and 181:
163 BIBLIOGRAPHY [65] E. Jochemsz a
Page 182 and 183:
165 BIBLIOGRAPHY [86] A. May and M.
Page 184 and 185:
167 BIBLIOGRAPHY [108] R. L. Rivest
show all

Cryptanalysis of RSA Factorization - Library(ISI Kolkata) - Indian ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?