Breaking RSA Generically Is Equivalent to Factoring

  • Divesh Aggarwal
  • Ueli Maurer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5479)

Abstract

We show that a generic ring algorithm for breaking RSA in ℤ_N can be converted into an algorithm for factoring the corresponding RSA-modulus N. Our results imply that any attempt at breaking RSA without factoring N will be non-generic and hence will have to manipulate the particular bit-representation of the input in ℤ_N. This provides new evidence that breaking RSA may be equivalent to factoring the modulus.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Divesh Aggarwal (1)
  • Ueli Maurer (1)
  1. Department of Computer Science, ETH Zurich, Zurich, Switzerland