Computing the RSA Secret Key Is Deterministic Polynomial Time Equivalent to Factoring

  • Alexander May
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3152)

Abstract

We address one of the most fundamental problems concerning the RSA cryptoscheme: Does the knowledge of the RSA public key/ secret key pair (e,d) yield the factorization of N=pq in polynomial time? It is well-known that there is a probabilistic polynomial time algorithm that on input (N,e,d) outputs the factors p and q. We present the first deterministic polynomial time algorithm that factors N provided that e,d < φ(N) and that the factors p, q are of the same bit-size. Our approach is an application of Coppersmith’s technique for finding small roots of bivariate integer polynomials.

Keywords

RSA Coppersmith’s method 

References

  1. 1.
    Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N0.292. IEEE Trans. on Information Theory 46(4), 1339–1349 (2000)MATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Blömer, J., May, A.: New Partial Key Exposure Attacks on RSA. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 27–43. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Coron, J.-S.: Finding Small Roots of Bivariate Integer Polynomial Equations Revisited. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 492–505. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Coppersmith, D.: Small solutions to polynomial equations and low exponent vulnerabilities. Journal of Cryptology 10(4), 223–260 (1997)CrossRefMathSciNetGoogle Scholar
  5. 5.
    Coppersmith, D.: Finding Small Solutions to Small Degree Polynomials. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 20–31. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997)Google Scholar
  7. 7.
    Lenstra, K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 513–534 (1982)CrossRefGoogle Scholar
  8. 8.
    Miller, G.L.: Riemann’s hypothesis and tests for primality. In: Seventh Annual ACM Symposium on the Theory of Computing, pp. 234–239 (1975)Google Scholar
  9. 9.
    Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)MATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Shoup, V.: NTL: A Library for doing Number Theory, online available at http://www.shoup.net/ntl/index.html

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Alexander May
    • 1
  1. 1.Faculty of Computer Science, Electrical Engineering and MathematicsUniversity of PaderbornPaderbornGermany

Personalised recommendations