Improved Factorization of \(N=p^rq^s\)

  • Jean-Sébastien Coron
  • Rina Zeitoun
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10808)


Boneh et al. showed at Crypto 99 that moduli of the form \(N=p^rq\) can be factored in polynomial time when \(r \ge \log p\). Their algorithm is based on Coppersmith’s technique for finding small roots of polynomial equations. Recently, Coron et al. showed that \(N=p^rq^s\) can also be factored in polynomial time, but under the stronger condition \(r \ge \log ^3 p\). In this paper, we show that \(N=p^rq^s\) can actually be factored in polynomial time when \(r \ge \log p\), the same condition as for \(N=p^rq\).


  1. [BCF+14]
    Bi, J., Coron, J.-S., Faugère, J.-C., Nguyen, P.Q., Renault, G., Zeitoun, R.: Rounding and chaining LLL: finding faster small roots of univariate polynomial congruences. IACR Cryptol. ePrint Archive (2014)
  2. [BDHG99]
    Boneh, D., Durfee, G., Howgrave-Graham, N.: Factoring \(n = p^rq\) for large \(r\). In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 326–337. Springer, Heidelberg (1999)
  3. [BM05]
    Blömer, J., May, A.: A tool kit for finding small roots of bivariate polynomials over the integers. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 251–267. Springer, Heidelberg (2005)
  4. [CFRZ16]
    Coron, J.-S., Faugère, J.-C., Renault, G., Zeitoun, R.: Factoring \(N = p^rq^s\) for large \(r\) and \(s\). In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610. Springer, Cham (2016)
  5. [Cop96a]
    Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178–189. Springer, Heidelberg (1996)
  6. [Cop96b]
    Coppersmith, D.: Finding a small root of a univariate modular equation. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 155–165. Springer, Heidelberg (1996)
  7. [Cop97]
    Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997). Journal version of [Cop96b, Cop96a]
  8. [Len87]
    Lenstra, H.W.: Factoring integers with elliptic curves. Ann. Math. 126, 649–673 (1987)
  9. [LKYL00]
    Lim, S., Kim, S., Yie, I., Lee, H.: A generalized Takagi-cryptosystem with a modulus of the form \(p^{r}q^{s}\). In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 283–294. Springer, Heidelberg (2000)
  10. [LLL82]
    Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Ann. 261, 513–534 (1982)
  11. [LZPL15]
    Lu, Y., Zhang, R., Peng, L., Lin, D.: Solving linear equations modulo unknown divisors: revisited. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 189–213. Springer, Heidelberg (2015)
  12. [May10]
    May, A.: Using LLL-reduction for solving RSA and factorization problems. In: Nguyen, P., Vallée, B. (eds.) The LLL Algorithm. Information Security and Cryptography, pp. 315–348. Springer, Heidelberg (2009)
  13. [NS09]
    Nguyen, P.Q., Stehlé, D.: An LLL algorithm with quadratic complexity. SIAM J. of Comput. 39(3), 874–903 (2009)
  14. [Tak98]
    Takagi, T.: Fast RSA-type cryptosystem modulo \(p^{k}q\). In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Heidelberg (1998)

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. University of Luxembourg, Luxembourg City, Luxembourg
  2. IDEMIA, Paris, France
