Advertisement

A Method for Solving Generalized Implicit Factorization Problem

  • Zhelei SunEmail author
  • Tianwei Zhang
  • Xiaoxia Zheng
  • Liuqing Yang
  • Liqiang Peng
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 550)

Abstract

The problem of factoring RSA moduli with the implicit hint was firstly proposed by May and Ritzenhofen at PKC’09 where unknown prime factors of several RSA moduli shared some number of least significant bits (LSBs), and was later considered by Faugère et al. where some most significant bits (MSBs) were shared between the primes. Recently, Nitaj and Ariffin proposed a generalization of the implicit factorization problem. Let \( {\text{N}}_{1} = {\text{p}}_{1} {\rm{q}}_{1} \) and \( {\text{N}}_{2} = {\text{p}}_{2} {\rm{q}}_{2} \) be two distinct RSA moduli, Nitaj and Ariffin showed that when \( {\text{a}}_{1} {\rm{p}}_{1} \) and \( {\text{a}}_{2} {\rm{p}}_{2} \) share enough bits, \( {\text{N}}_{1} , {\rm{N}}_{2} \) can be factored in polynomial time, where \( {\text{a}}_{1} \) and \( {\text{a}}_{2} \) are some unknown positive integers. They also extended their work to the case of \( k\left( { \ge 3} \right) \) moduli. In this paper, we revisit Nitaj-Ariffin’s work and transform the problem into solving small roots of a modular equation. Then by utilizing Coppersmith’s method, for the case of two moduli we improve Nitaj-Ariffin’s result when the unknowns \( {\text{a}}_{1} ,{\rm{a}}_{2} \) are relatively small, and our result is always better than Nitaj-Ariffin’s result for the case of \( k\left( { \ge 3} \right) \) moduli.

Keywords

RSA scheme Implicit factorization problem Coppersmith’s method 

References

  1. 1.
    Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N0.292. IEEE Trans. Inf. Theory 46(4), 1339–1349 (2000)CrossRefGoogle Scholar
  2. 2.
    Coppersmith, D.: Finding a small root of a univariate modular equation. In: EUROCRYPT 1996, pp. 155–165 (1996)CrossRefGoogle Scholar
  3. 3.
    Coppersmith, D.: Finding a small root of a bivariate integer equation factoring with high bits known. In: EUROCRYPT 1996, pp. 178–189 (1996)CrossRefGoogle Scholar
  4. 4.
    Faugère, J.-C., Mariner, R., Renault, G.: Implicit factoring with shared most significant and middle bits. In: PKC 2010, pp. 70–87 (2010)CrossRefGoogle Scholar
  5. 5.
    Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Cryptography and Coding 1997, pp. 131–142 (1997)CrossRefGoogle Scholar
  6. 6.
    Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Lu, Y., Peng, L., Zhang, R., Hu, L., Lin, D.: Towards optimal bounds for implicit factorization problem. In: SAC 2015, pp. 462–476 (2015)Google Scholar
  8. 8.
    Lu, Y., Zhang, R., Peng, L., Lin, D.: Solving linear equations modulo unknown divisors: Revisited. In: ASIACRYPT 2015, Part I, pp. 189–213 (2015)CrossRefGoogle Scholar
  9. 9.
    May, A.: New RSA vulnerabilities using lattice reduction methods. Ph.D. thesis, University of Paderborn (2003). http://ubdata.uni-paderborn.de/ediss/17/2003/may/disserta.pdf
  10. 10.
    May, A., Ritzenhofen, M.: Implicit factoring: on polynomial time factoring given only an implicit hint. In: PKC 2009, pp. 1–14 (2009)Google Scholar
  11. 11.
    Nitaj, A., Ariffin, M.: Implicit factorization of unbalanced RSA moduli. J. Appl. Math. Comput. 48(1–2), 349–363 (2015)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Peng, L., Hu, L., Xu, J., Huang, Z., Xie, Y.: Further improvement of factoring RSA moduli with implicit hint. In: AFRICACRYPT 2014, pp. 165–177 (2014)CrossRefGoogle Scholar
  13. 13.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Sarkar, S., Maitra, S.: Approximate integer common divisor problem relates to implicit factorization. IEEE Trans. Inf. Theory 57(6), 4002–4013 (2011)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Wiener, M.J.: Cryptanalysis of short RSA secret exponents. IEEE Trans. Inf. Theory 36(3), 553–558 (1990)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Zhelei Sun
    • 1
    Email author
  • Tianwei Zhang
    • 1
  • Xiaoxia Zheng
    • 1
  • Liuqing Yang
    • 1
  • Liqiang Peng
    • 2
    • 3
  1. 1.Beijing Institute of Spacecraft System EngineeringBeijingChina
  2. 2.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  3. 3.Data Assurance and Communication Security Research CenterChinese Academy of SciencesBeijingChina

Personalised recommendations