
Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC, volume 5350)

Abstract

We study the problem of finding solutions to linear equations modulo an unknown divisor p of a known composite integer N. An important application of this problem is factoring N given some of the bits of p. It is well known that this problem is solvable in polynomial time if at most half of the bits of p are unknown and the unknown bits form one consecutive block. We introduce a heuristic algorithm that extends factoring with known bits to an arbitrary number n of blocks. Surprisingly, we are able to show that a fraction ln 2 ≈ 0.69, i.e. roughly 70%, of the bits of p is sufficient, for any n, to find the factorization. The algorithm's running time is, however, exponential in the parameter n; thus our algorithm runs in polynomial time only for n = O(log log N) blocks.
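The one-block case the abstract refers to (Coppersmith's "factoring with high bits known", in Howgrave-Graham's lattice formulation) is small enough to run end to end. The following is an added example, not code from the paper, and it does not implement the paper's multi-block heuristic: it builds the shift-polynomial lattice for f(x) = p_hi + x with multiplicity m = 2 and one extra shift (t = 1), reduces it with a textbook LLL written over exact rationals, and reads the unknown low bits of p off an integer root of the shortest vector. The primes, the 20-bit gap, the parameters m and t, and all function names are this example's own choices; the instance is a constructed toy, and the LLL and root finder are only meant for lattices of this size (a real attack would use fpylll or Sage).

```python
from fractions import Fraction
from functools import reduce
from math import gcd

# Polynomials are integer coefficient lists, lowest degree first.
def poly_mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out

def poly_eval(a, x):  # Horner's rule
    return reduce(lambda r, c: r * x + c, reversed(a), 0)

def lll(basis, delta=Fraction(3, 4)):
    # Textbook LLL over exact rationals; Gram-Schmidt is recomputed after every change.
    b = [[Fraction(x) for x in row] for row in basis]
    n = len(b)
    dot = lambda u, v: sum(x * y for x, y in zip(u, v))
    def gso():
        bstar, mu = [], [[Fraction(0)] * n for _ in range(n)]
        for i in range(n):
            v = b[i][:]
            for j in range(i):
                mu[i][j] = dot(b[i], bstar[j]) / dot(bstar[j], bstar[j])
                v = [x - mu[i][j] * y for x, y in zip(v, bstar[j])]
            bstar.append(v)
        return bstar, mu
    bstar, mu = gso()
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):                # size-reduce b_k by b_j
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                bstar, mu = gso()
        if dot(bstar[k], bstar[k]) >= (delta - mu[k][k - 1] ** 2) * dot(bstar[k - 1], bstar[k - 1]):
            k += 1                                    # Lovasz condition holds
        else:
            b[k], b[k - 1] = b[k - 1], b[k]           # swap and step back
            bstar, mu = gso()
            k = max(k - 1, 1)
    return [[int(x) for x in row] for row in b]

def integer_roots(h, lo, hi):
    # Integers x in [lo, hi] with h(x) == 0; h is monotone between roots of h', so recurse.
    while h and h[-1] == 0:
        h = h[:-1]
    if len(h) < 2:
        return []
    def near_roots(p, lo, hi):   # rationals within 1/2 of every real root of p
        if len(p) == 2:
            return [-p[0] / p[1]] if lo <= -p[0] / p[1] <= hi else []
        dp = [i * c for i, c in enumerate(p)][1:]
        pts = sorted(set([Fraction(lo), Fraction(hi)] + near_roots(dp, lo, hi)))
        found = list(pts)                             # breakpoints may be roots
        for a, b in zip(pts, pts[1:]):
            fa, fb = poly_eval(p, a), poly_eval(p, b)
            if fa < 0 < fb or fb < 0 < fa:            # bisect the sign change
                while b - a > Fraction(1, 2):
                    mid = (a + b) / 2
                    fm = poly_eval(p, mid)
                    if fm == 0:
                        a = b = mid
                    elif (fa < 0) == (fm < 0):
                        a, fa = mid, fm
                    else:
                        b = mid
                found.append(a)
        return found
    cands = near_roots([Fraction(c) for c in h], lo, hi)
    return sorted({x for r in cands for x in (int(r) - 1, int(r), int(r) + 1)
                   if lo <= x <= hi and poly_eval(h, x) == 0})

def factor_with_high_bits(N, p_hi, k, m=2, t=1):
    # p_hi is p with its low k bits cleared, so f(x) = p_hi + x has root x0 = p mod 2^k modulo p.
    # Rows N^(m-i) f^i (i=0..m) and x^j f^m (j=1..t) all vanish mod p^m at x0; column i is scaled
    # by X^i so a short vector is a polynomial small enough to vanish at x0 over Z (Howgrave-Graham).
    X, fpow = 1 << k, [[1]]                           # fpow[i] = f^i
    for _ in range(m):
        fpow.append(poly_mul(fpow[-1], [p_hi, 1]))
    polys = [[N ** (m - i) * c for c in fpow[i]] for i in range(m + 1)]
    polys += [[0] * j + fpow[m] for j in range(1, t + 1)]
    rows = [[c * X ** i for i, c in enumerate(g)] + [0] * (m + t + 1 - len(g)) for g in polys]
    for v in lll(rows):                               # shortest vectors first
        h = [c // X ** i for i, c in enumerate(v)]    # undo the scaling (exact)
        for x0 in integer_roots(h, 0, X):
            d = gcd(p_hi + x0, N)
            if 1 < d < N:
                return d
    return None

# Constructed toy instance (assumed attacker knowledge: N and all but the low 20 bits of p).
P, Q = 18446744073709551557, 2305843009213693951     # 2^64 - 59 and 2^61 - 1
N, K = P * Q, 20
P_HI = (P >> K) << K

if __name__ == "__main__":
    print("recovered factor:", factor_with_high_bits(N, P_HI, K), "(p =", P, ")")
```

The lattice here is 4-dimensional with determinant N^3 X^6, so LLL's first vector has norm at most 2^(3/4) (N^3 X^6)^(1/4); with N ≈ 2^125 and X = 2^20 that is about 2^124.5, below the p^2/2 ≈ 2^127 that Howgrave-Graham's lemma needs, which is why the first reduced vector is guaranteed to vanish at x0 over the integers. Raising m and t pushes the admissible X towards the "half of p" limit of the one-block case; the paper's contribution is what happens when the unknown bits are split over several blocks, which a single linear polynomial of this shape cannot express.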

Keywords

  • Lattices
  • small roots
  • factoring with known bits

This research was supported by the German Research Foundation (DFG) as part of the project MA 2536/3-1.



Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Herrmann, M., May, A. (2008). Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits. In: Pieprzyk, J. (eds) Advances in Cryptology - ASIACRYPT 2008. ASIACRYPT 2008. Lecture Notes in Computer Science, vol 5350. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89255-7_25


  • DOI: https://doi.org/10.1007/978-3-540-89255-7_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89254-0

  • Online ISBN: 978-3-540-89255-7
