Integer Factorization and RSA

  • Jeffrey Hoffstein
  • Jill Pipher
  • Joseph H. Silverman
Part of the Undergraduate Texts in Mathematics book series (UTM)


The Diffie–Hellman key exchange method and the Elgamal public key cryptosystem studied in Sects. 2.3 and 2.4 rely on the fact that it is easy to compute powers \(a^{n}\bmod p\), but difficult to recover the exponent \(n\) if you know only the values of \(a\) and \(a^{n}\bmod p\). An essential result that we used to analyze the security of Diffie–Hellman and Elgamal is Fermat’s little theorem (Theorem 1.24),
$$a^{p-1} \equiv 1 \pmod{p} \qquad \text{for all } a \not\equiv 0 \pmod{p}.$$



Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Jeffrey Hoffstein (1)
  • Jill Pipher (1)
  • Joseph H. Silverman (1)

  1. Department of Mathematics, Brown University, Providence, USA
