Coppersmith's lattices and ``focus groups: an attack on small-exponent RSA
From MaRDI portal
Publication:1998906
Abstract: We present a principled technique for reducing the lattice and matrix size in some applications of Coppersmith's lattice method for finding roots of modular polynomial equations. Motivated by ideas from machine learning, it relies on extrapolating patterns from the actual behavior of Coppersmith's attack for smaller parameter sizes, which can be thought of as "focus group" testing. When applied to the small-exponent RSA problem, our technique reduces lattice dimensions and consequently running times, and hence can be applied to a wider range of exponents. Moreover, in many difficult examples our attack is not only faster but also more successful in recovering the RSA secret key. We include a discussion of subtleties concerning whether or not existing metrics (such as enabling condition bounds) are decisive in predicting the true efficacy of attacks based on Coppersmith's method. Finally, indications are given which suggest certain lattice basis reduction algorithms (such as Nguyen-Stehl'e's L2) may be particularly well-suited for Coppersmith's method.
Recommendations
Cites work
- scientific article; zbMATH DE number 1182510 (Why is no real title available?)
- scientific article; zbMATH DE number 1852133 (Why is no real title available?)
- A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants
- A method for obtaining digital signatures and public-key cryptosystems
- A unified framework for small secret exponent attack on RSA
- A variant of Wiener's attack on RSA
- An LLL algorithm with quadratic complexity
- Approximate common divisors via lattices
- Cryptanalysis of RSA with private key d less than N/sup 0.292/
- Cryptanalysis of short RSA secret exponents
- Factoring RSA keys from certified smart cards: Coppersmith in the wild
- Factoring polynomials with rational coefficients
- Finding a small root of a bivariate integer equation; factoring with high bits known
- Mathematics of public key cryptography.
- Maximizing small root bounds by linearization and applications to small secret exponent RSA
- Toward a Rigorous Variation of Coppersmith’s Algorithm on Three Variables
Cited in
(10)- Lattice Attacks on RSA-Encrypted IP and TCP
- Lattice-based integer factorisation: an introduction to Coppersmith's method
- Forty years of attacks on the RSA cryptosystem: a brief survey
- On the optimality of lattices for the Coppersmith technique
- Lattice-based cryptanalysis of RSA cryptosystem
- scientific article; zbMATH DE number 1852133 (Why is no real title available?)
- Toward a Rigorous Variation of Coppersmith’s Algorithm on Three Variables
- On the optimality of lattices for the Coppersmith technique
- Maximizing small root bounds by linearization and applications to small secret exponent RSA
- Practical attacks on small private exponent RSA: new records and new insights
This page was built for publication: Coppersmith's lattices and ``focus groups: an attack on small-exponent RSA
Report a bug (only for logged in users!)Click here to report a bug for this page (MaRDI item Q1998906)
