Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits

  • Mathias Herrmann
  • Alexander May
Conference paper

DOI: 10.1007/978-3-540-89255-7_25

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5350)
Cite this paper as:
Herrmann M., May A. (2008) Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits. In: Pieprzyk J. (eds) Advances in Cryptology - ASIACRYPT 2008. ASIACRYPT 2008. Lecture Notes in Computer Science, vol 5350. Springer, Berlin, Heidelberg


We study the problem of finding solutions to linear equations modulo an unknown divisor p of a known composite integer N. An important application of this problem is factorization of N with given bits of p. It is well-known that this problem is polynomial-time solvable if at most half of the bits of p are unknown and if the unknown bits are located in one consecutive block. We introduce a heuristic algorithm that extends factoring with known bits to an arbitrary number n of blocks. Surprisingly, we are able to show that ln(2) ≈ 70% of the bits are sufficient for any n in order to find the factorization. The algorithm's running time is, however, exponential in the parameter n. Thus, our algorithm is polynomial time only for \(n = {\mathcal O}(\log\log N)\) blocks.


Keywords: lattices, small roots, factoring with known bits

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Mathias Herrmann (1)
  • Alexander May (1)
  1. Horst Görtz Institute for IT-Security, Faculty of Mathematics, Ruhr Universität Bochum, Germany
