当前位置: X-MOL 学术Adv. Math. Commun. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Finding small solutions of the equation \begin{document}$ \mathit{{Bx-Ay = z}} $\end{document} and its applications to cryptanalysis of the RSA cryptosystem
Advances in Mathematics of Communications ( IF 0.9 ) Pub Date : 2020-04-08 , DOI: 10.3934/amc.2020076
Shixiong Wang , Longjiang Qu , Chao Li , Shaojing Fu , Hao Chen

In this paper, we study the condition of finding small solutions $ (x,y,z) = (x_0, y_0, z_0) $ of the equation $ Bx-Ay = z $. The framework is derived from Wiener's small private exponent attack on RSA and May-Ritzenhofen's investigation about the implicit factorization problem, both of which can be generalized to solve the above equation. We show that these two methods, together with Coppersmith's method, are equivalent for solving $ Bx-Ay = z $ in the general case. Then based on Coppersmith's method, we present two improvements for solving $ Bx-Ay = z $ in some special cases. The first improvement pays attention to the case where either $ \gcd(x_0,z_0,A) $ or $ \gcd(y_0,z_0,B) $ is large enough. As the applications of this improvement, we propose some new cryptanalysis of RSA, such as new results about the generalized implicit factorization problem, attacks with known bits of the prime factor, and so on.

中文翻译:

寻找方程的小解 \ begin {document} $ \ mathit {{Bx-Ay = z}} $ \ end {document} 及其在RSA密码系统的密码分析中的应用

在本文中,我们研究了找到方程$ Bx-Ay = z $的小解$(x,y,z)=(x_0,y_0,z_0)$的条件。该框架源于Wiener对RSA的小型私有指数攻击以及May-Ritzenhofen对隐式因式分解问题的研究,二者均可推广解决上述方程式。我们表明,在一般情况下,这两种方法以及Coppersmith的方法对于求解$ Bx-Ay = z $是等效的。然后基于Coppersmith的方法,我们给出了在某些特殊情况下解决$ Bx-Ay = z $的两个改进。第一个改进是注意$ \ gcd(x_0,z_0,A)$或$ \ gcd(y_0,z_0,B)$足够大的情况。作为这项改进的应用,我们建议对RSA进行一些新的密码分析,
更新日期:2020-04-08
down
wechat
bug