How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves

Designs, Codes and Cryptography

Abstract

Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we focus only on cycling attacks because, for both RSA and its elliptic curve-based analogues, the length of the RSA modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to finding fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found.

References

  1. S. Berkovits, Factoring via superencryption, Cryptologia, Vol. 6, No. 3 (1982) pp. 229–237.

  2. B. Blakley and G. R. Blakley, Security of number theoretic cryptosystems against random attack, I, II, III, Cryptologia, Vol. 2, No. 4 (1978) pp. 305–312; Vol. 3, No. 1 (1979) pp. 29–42; Vol. 3, No. 2 (1979) pp. 105–118.

  3. G. R. Blakley and I. Borosh, Rivest-Shamir-Adleman public key cryptosystems do not always conceal messages, Comp. & Maths. with Appls., Vol. 5 (1979) pp. 169–178.

  4. N. Demytko, A new elliptic curve based analogue of RSA. In Advances in Cryptology—EUROCRYPT' 93 (T. Helleseth, ed.), volume 765 of Lecture Notes in Computer Science, Springer-Verlag (1994) pp. 40–49.

  5. J. Gordon, Strong RSA keys, Electronics Letters, Vol. 20, No. 12 (1984) pp. 514–516.

  6. J. A. Gordon, Strong primes are easy to find. In Advances in Cryptology—EUROCRYPT' 84 (T. Beth, N. Cot, I. Ingemarsson, eds.), volume 209 of Lecture Notes in Computer Science, Springer-Verlag (1985) pp. 216–223.

  7. T. Herlestam, Critical remarks on some public-key cryptosystems, BIT, Vol. 17 (1978) pp. 493–496.

  8. International Organization for Standardization, The RSA public-key cryptosystem, Annex C of ISO/IEC 9594-8, Geneva (Switzerland), 1989.

  9. N. Koblitz, Elliptic curve cryptosystems, Math. of Comp., Vol. 48, No. 177 (1987) pp. 203–209.

  10. K. Koyama, U. M. Maurer, T. Okamoto and S. A. Vanstone, New public-key schemes based on elliptic curves over the ring Zn. In Advances in Cryptology—CRYPTO' 91 (J. Feigenbaum, ed.), volume 576 of Lecture Notes in Computer Science, Springer-Verlag (1992) pp. 252–266.

  11. D. E. Knuth and L. Trabb-Pardo, Analysis of a simple factorization algorithm, Theoretical Computer Sc., Vol. 3 (1976) pp. 321–348.

  12. H. Kuwakado and K. Koyama, Efficient cryptosystems over elliptic curves based on a product of form-free primes, IEICE Trans. Fundamentals, Vol. E77-A, No. 8 (1994) pp. 1309–1318.

  13. H. W. Lenstra, Jr., Factoring integers with elliptic curves, Annals of Mathematics, Vol. 126 (1987) pp. 649–673.

  14. The LiDIA Group, LiDIA—A library for computational number theory. Available at URL http://www.informatik.tu-darmstadt.de/TI/LiDIA, Technische Universität Darmstadt, Germany.

  15. U. M. Maurer, Fast generation of secure RSA-moduli with almost maximal diversity. In Advances in Cryptology—EUROCRYPT' 89 (J.-J. Quisquater, J. Vandewalle, eds.), volume 434 of Lecture Notes in Computer Science, Springer-Verlag (1990) pp. 636–647.

  16. U. M. Maurer, Fast generation of prime numbers and secure public-key cryptographic parameters, Journal of Cryptology, Vol. 8, No. 3 (1995) pp. 123–155. An earlier version appeared in [15].

  17. A. J. Menezes, Elliptic curve public key cryptosystems, Kluwer Academic Publishers (1993).

  18. A. J. Menezes, P. C. van Oorschot and S. A. Vanstone, Handbook of applied cryptography, CRC Press (1997).

  19. V. Miller, Use of elliptic curves in cryptography. In Advances in Cryptology—CRYPTO' 85 (H. C. Williams, ed.), volume 218 of Lecture Notes in Computer Science, Springer-Verlag (1986) pp. 417–426.

  20. J. H. Moore, Protocol failures in cryptosystems. In Contemporary Cryptology (G. Simmons, ed.), IEEE Press (1992) pp. 541–558.

  21. R. G. E. Pinch, On using Carmichael numbers for public-key encryption systems. In Cryptography and Coding (M. Darnell, ed.), volume 1355 of Lecture Notes in Computer Science, Springer-Verlag (1997) pp. 265–269.

  22. H. Riesel, Prime Numbers and Computer Methods for Factorization, 2nd ed., Birkhäuser, 1994.

  23. R. L. Rivest, Remarks on a proposed cryptanalytic attack on the M.I.T. public-key cryptosystem, Cryptologia, Vol. 2, No. 1 (1978) pp. 62–65.

  24. R. L. Rivest, Critical remarks on “Critical remarks on some public-key cryptosystems” by T. Herlestam, BIT, Vol. 19 (1979) pp. 274–275.

  25. R. L. Rivest and R. D. Silverman, Are 'strong' primes needed for RSA. In The 1997 RSA Laboratories Seminar Series, Seminars Proceedings, 1997.

  26. R. L. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, Vol. 21, No. 2, February (1978) pp. 120–126.

  27. J. H. Silverman, The Arithmetic of Elliptic Curves, GTM 106, Springer-Verlag (1986).

  28. R. D. Silverman, Fast generation of random, strong RSA primes, CryptoBytes, Vol. 3, No. 1 (1997) pp. 9–13.

  29. G. J. Simmons and M. J. Norris, Preliminary comment on the M.I.T. public-key cryptosystem, Cryptologia, Vol. 1 (1977) pp. 406–414.

  30. H. C. Williams, A p + 1 method of factoring, Math. of Comp., Vol. 39, No. 159, July (1982) pp. 225–234.

  31. H. C. Williams and B. Schmid, Some remarks concerning the M.I.T. public-key cryptosystem, BIT, Vol. 19 (1979) pp. 525–538.

Cite this article

Joye, M., Quisquater, JJ. & Takagi, T. How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves. Designs, Codes and Cryptography 23, 297–316 (2001). https://doi.org/10.1023/A:1011219027181
