The security of public key cryptosystems based on integer factorization

  • Siguna Müller
  • Winfried B. Müller
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1438)


Public-key encryption schemes are substantially slower than symmetric-key encryption algorithms. Therefore public-key encryption is used in practice together with symmetric algorithms in hybrid systems. The paper gives a survey of the state of the art in public-key cryptography, with special attention paid to the different realizations of RSA-type cryptosystems. Though ElGamal-type cryptosystems on elliptic curves are of great interest in light of recent advances, the original RSA cryptosystem is still the most widely used public-key procedure. After a comparison of public-key cryptosystems based on integer factorization and on discrete logarithms, a detailed cryptanalysis of RSA-type cryptosystems is given. Known strengths and weaknesses are described and recommendations for the choice of secure parameters are given. Obviously the RSA cryptosystem can be broken if its modulus can be factored. It is an open question whether breaking RSA is equivalent to factoring the modulus. The paper presents several modified RSA cryptosystems for which breaking is provably as difficult as factoring the modulus and gives a general theory for such systems.
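The abstract's two claims, that factoring the modulus breaks RSA and that for suitable modified schemes breaking is as hard as factoring, can both be made concrete with a few lines of code. The following is an added toy example, not code from the paper: it uses small constructed primes, textbook RSA without padding, and Rabin's squaring scheme (the best-known instance of a factoring-equivalent modification) as the modified system. The function names and the simulated "decryption box" are assumptions of this example.

```python
import random
from math import gcd


def rsa_keygen(p, q, e=65537):
    """Textbook RSA key generation from two primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi(n)); needs Python >= 3.8
    return n, e, d


def rsa_private_exponent_from_factors(n, e, p):
    """Direction 1 (abstract: 'RSA can be broken if its modulus can be factored'):
    knowing one factor p (hence q = n/p) recovers the private exponent d at once."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


def rabin_sqrt_with_factors(c, p, q):
    """All four square roots of c modulo n = p*q, given the factors.
    Requires p = q = 3 (mod 4); then c^((p+1)/4) is a square root of a
    quadratic residue c modulo p, and the four roots are recombined by CRT."""
    assert p % 4 == 3 and q % 4 == 3
    n = p * q
    rp = pow(c, (p + 1) // 4, p)
    rq = pow(c, (q + 1) // 4, q)
    inv_q_mod_p = pow(q, -1, p)
    inv_p_mod_q = pow(p, -1, q)
    roots = set()
    for sp in (rp, p - rp):          # the two roots modulo p
        for sq in (rq, q - rq):      # the two roots modulo q
            roots.add((sp * q * inv_q_mod_p + sq * p * inv_p_mod_q) % n)
    return roots


def factor_with_sqrt_oracle(n, sqrt_oracle, rng):
    """Direction 2 (abstract: 'breaking is as difficult as factoring'):
    any box that returns *some* square root modulo n (a Rabin decryption box)
    yields a proper factor of n with probability 1/2 per query. Pick a random x,
    submit x^2; if the returned root y is not +-x, then n divides (x-y)(x+y)
    but neither factor, so gcd(x - y, n) is a proper divisor of n."""
    while True:
        x = rng.randrange(2, n)
        g = gcd(x, n)
        if g != 1:  # lucky pick, already a factor
            return (min(g, n // g), max(g, n // g))
        y = sqrt_oracle(x * x % n)
        if y not in (x, n - x):
            g = gcd(x - y, n)
            return (min(g, n // g), max(g, n // g))


def demo_equivalence(p=67, q=71, seed=1):
    """Simulate a Rabin decryption box that knows (p, q) and factor n = p*q
    using nothing but its answers. p, q and the seed are constructed values."""
    n = p * q
    rng = random.Random(seed)

    def oracle(c):
        # The box returns one of the four roots; it cannot know which one
        # the caller started from, which is exactly what the reduction exploits.
        return rng.choice(sorted(rabin_sqrt_with_factors(c, p, q)))

    return factor_with_sqrt_oracle(n, oracle, rng)


if __name__ == "__main__":
    n, e, d = rsa_keygen(61, 53, 17)            # constructed textbook parameters
    print("RSA d from factors:", rsa_private_exponent_from_factors(n, e, 61) == d)
    print("factors recovered from Rabin box:", demo_equivalence())
```

The contrast is the point of the abstract: for RSA the reduction runs only one way (factoring gives d, but no reduction from e-th roots to factoring is known), whereas for the squaring scheme the decryption capability itself hands over the factorization, which is why such schemes are said to be "as difficult as factoring".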


Keywords: public-key cryptography, factorization problem, discrete logarithm problem, RSA cryptosystem, Dickson cryptosystem, LUC cryptosystem, Williams cryptosystem, ElGamal cryptosystem, cryptanalysis, secure keys





Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Siguna Müller (1)
  • Winfried B. Müller (1)
  1. Institut für Mathematik, Universität Klagenfurt, Klagenfurt, Austria
