Further improvement of factoring N = p r q s with partial known bits
We revisit the factoring with known bits problem on RSA moduli. In 1996, Coppersmith showed that the RSA modulus N = pq with balanced p, q can be efficiently factored, if the high order ¼log₂ N bits of one prime factor is given. Later, this important result is also generalized to the factorization o...
Saved in:
| Main Authors: | , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/151173 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-151173 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1511732021-06-11T06:42:31Z Further improvement of factoring N = p r q s with partial known bits Wang, Shixiong Qu, Longjiang Li, Chao Wang, Huaxiong School of Physical and Mathematical Sciences Science::Mathematics RSA Variant Partial Known Bits We revisit the factoring with known bits problem on RSA moduli. In 1996, Coppersmith showed that the RSA modulus N = pq with balanced p, q can be efficiently factored, if the high order ¼log₂ N bits of one prime factor is given. Later, this important result is also generalized to the factorization of RSA variants moduli such as N = p r q or N = p₁ p₂ · · · p n. In 2000, Lim et al. proposed a new RSA variant with the modulus of the form N = p r q s, which is much faster in the decryption process than the standard RSA. Then from 2015 to 2018, in order to investigate the security property of this RSA variant, Lu et al. and Coron et al. have presented three works studying the polynomial-time factorization of N = p r q s with partial known bits of p u q v (or one of the prime factors p, q) for different choices of u, v. In this paper, we present a new lattice construction used for Coppersmith’s method, and thus improve previous results. Namely, our result requires fewer known bits to recover the prime factors p, q. We also generalize our result to the factorization of N = p₁ r1 p₂ r2 · · · pn rn. The work in this paper is supported by the National Natural Science Foundation of China (Grant Nos. 11531002, 61572026 and 61722213), the Open Foundation of State Key Laboratory of Cryptology (Grant No. MMKFKT201617), and the program of China Scholarship Council (CSC) (No. 201703170302). 2021-06-11T06:42:31Z 2021-06-11T06:42:31Z 2019 Journal Article Wang, S., Qu, L., Li, C. & Wang, H. (2019). Further improvement of factoring N = p r q s with partial known bits. Advances in Mathematics of Communications, 13(1), 121-135. https://dx.doi.org/10.3934/amc.2019007 1930-5346 https://hdl.handle.net/10356/151173 10.3934/amc.2019007 2-s2.0-85060448507 1 13 121 135 en Advances in Mathematics of Communications © 2019 AIMS. All rights reserved. |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Science::Mathematics RSA Variant Partial Known Bits |
| spellingShingle |
Science::Mathematics RSA Variant Partial Known Bits Wang, Shixiong Qu, Longjiang Li, Chao Wang, Huaxiong Further improvement of factoring N = p r q s with partial known bits |
| description |
We revisit the factoring with known bits problem on RSA moduli. In 1996, Coppersmith showed that the RSA modulus N = pq with balanced p, q can be efficiently factored, if the high order ¼log₂ N bits of one prime factor is given. Later, this important result is also generalized to the factorization of RSA variants moduli such as N = p r q or N = p₁ p₂ · · · p n. In 2000, Lim et al. proposed a new RSA variant with the modulus of the form N = p r q s, which is much faster in the decryption process than the standard RSA. Then from 2015 to 2018, in order to investigate the security property of this RSA variant, Lu et al. and Coron et al. have presented three works studying the polynomial-time factorization of N = p r q s with partial known bits of p u q v (or one of the prime factors p, q) for different choices of u, v. In this paper, we present a new lattice construction used for Coppersmith’s method, and thus improve previous results. Namely, our result requires fewer known bits to recover the prime factors p, q. We also generalize our result to the factorization of N = p₁ r1 p₂ r2 · · · pn rn. |
| author2 |
School of Physical and Mathematical Sciences |
| author_facet |
School of Physical and Mathematical Sciences Wang, Shixiong Qu, Longjiang Li, Chao Wang, Huaxiong |
| format |
Article |
| author |
Wang, Shixiong Qu, Longjiang Li, Chao Wang, Huaxiong |
| author_sort |
Wang, Shixiong |
| title |
Further improvement of factoring N = p r q s with partial known bits |
| title_short |
Further improvement of factoring N = p r q s with partial known bits |
| title_full |
Further improvement of factoring N = p r q s with partial known bits |
| title_fullStr |
Further improvement of factoring N = p r q s with partial known bits |
| title_full_unstemmed |
Further improvement of factoring N = p r q s with partial known bits |
| title_sort |
further improvement of factoring n = p r q s with partial known bits |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/151173 |
| _version_ |
1702431180295503872 |