Interpolation of Functions Related to the Integer Factoring Problem
|
|
- Lorena Paul
- 6 years ago
- Views:
Transcription
1 Interpolation of Functions Related to the Integer Factoring Problem Clemens Adelmann 1 and Arne Winterhof 2 1 Institut für Analysis und Algebra, Technische Universität Braunschweig, Pockelsstraße 14, D Braunschweig, Germany. c.adelmann@tu-bs.de 2 Johann Radon Institute for Computational and Applied Mathematics, Altenberger Straße 69, A-4040 Linz, Austria. arne.winterhof@oeaw.ac.at Abstract. The security of the RSA public key cryptosystem depends on the intractability of the integer factoring problem. This paper shall give some theoretical support to the assumption of hardness of this number theoretic problem. We obtain lower bounds on degree, weight, and additive complexity of polynomials interpolating functions related to the integer factoring problem, including Euler s totient function, the divisor sum functions, Carmichael s function, and the RSA-function. These investigations are motivated by earlier results of the same flavour on the interpolation of discrete logarithm and Diffie-Hellman mapping. Keywords: polynomials, degree, weight, additive complexity, factoring problem, RSA-problem, Euler s totient function, divisor sum function, Carmichael s function. 1 Introduction Computationally difficult number theoretic problems like the discrete logarithm problem or the integer factoring problem play a fundamental role in public key cryptography. The Diffie-Hellman key exchange depends on the intractability of the discrete logarithm problem and the RSA cryptosystem is based on the hardness of the integer factoring problem (see e. g. [27, Chapter 3]). In the monograph [40] (or its predecessor [38]) and the series of papers [2 4, 8, 10, 14 26, 30 32, 37, 43 45] several results on discrete logarithm problem and Diffie-Hellman problem supporting the assumption of their hardness were proven. In particular, it was shown that there are no low degree or sparse interpolation polynomials of discrete logarithm and Diffie-Hellman mapping for a large set of given data. In the present paper we prove analog results for functions related to the integer factoring problem. We restrict ourselves to the case of factoring RSA-integers N = pq with two odd primes p < q.
2 2 Clemens Adelmann and Arne Winterhof In Section 3 we investigate real and integer interpolation polynomials of mappings allowing to factor N, including Euler s totient function Carmichael s function and divisor sum functions ϕ(pq) = (p 1)(q 1), λ(pq) = ϕ(pq) gcd(p 1, q 1), σ n (pq) = (p n + 1)(q n + 1) with a small positive integer n, and factoring functions ψ n,m (pq) = p n q m with small different nonnegative integers n and m. In Section 4 we prove a lower bound on degree and weight of an integer polynomial representing the RSA-function f(x) x d mod pq, x S, for a subset S of Z pq = {1 x < pq : gcd(x, pq) = 1} and some integer d with gcd(d, (p 1)(q 1)) = 1. We collect some auxiliary results on polynomials in the next section. 2 Preliminaries A proof of the following useful relation between the number of zeros and the degree of a multivariate polynomial, which extends the well-known relation for univariate polynomials, can be found in [11, Lemma 6.44.]. Lemma 1. Let D be an integral domain, n N, S D, and f D[X 1,..., X n ] be a polynomial of total degree d, with at least N zeros in S n. If f is not the zero polynomial, then we have d N S n 1. The additive complexity C ± (f) of a polynomial f(x) is the smallest number of + and signs necessary to write down this polynomial. In [33, 34] the number of different zeros of a real polynomial was estimated in terms of its additive complexity. Lemma 2. For a nonzero polynomial f(x) R[X] having N different real zeros we have ( ) 1/2 1 C ± (f) 5 log(n), where log(n) is the binary logarithm.
3 Interpolation of Functions Related to the Integer Factoring Problem 3 In [35, 36] the following improvement was obtained for integer polynomials. Lemma 3. For a nonzero polynomial f(x) Z[X] having N different rational zeros we have log(n) = O(C ± (f) log(c ± (f))). The weight w(f) of a polynomial f is the number of its nonzero coefficients. For polynomials over a finite field F q of q elements we have the following lower bound on the weight (see [40, Lemma 2.5]). Lemma 4. Let f(x) F q [X] be a nonzero polynomial of degree at most q 2 with N different zeros in F q. Then we have w(f) q 1 q 1 N. Obviously, for any univariate polynomial f we have C ± (f) w(f) 1 deg(f). 3 Interpolation of Factoring Functions For example, the knowledge of the value ϕ(n) = (p 1)(q 1) of Euler s totient function at an integer N = pq with unknown primes p and q is sufficient to determine p and q by solving the quadratic equation X 2 + (ϕ(n) N 1)X + N = 0. (1) In general, let g(x) and h(x) be (known) real rational functions, such that the product g(x)h(n/x) is not constant. Then from the knowledge of the values in N = pq of a function f with the property f(n) = g(p)h(q) = g(p)h(n/p) we can determine the unknown factors p and q of N by solving an algebraic equation which is derived from g(x)h(n/x) = f(n) (2) by clearing denominators and negative powers of X. If we could interpolate the function f by a polynomial of low degree or low additive complexity and the degree of the algebraic equation derived from (2) were small, then we could efficiently factorize N. Hence, it becomes important to prove lower bounds on degree and additive complexity of such interpolation polynomials. First we prove lower bounds on degree and additive complexity of a real polynomial with some special prescribed values.
4 4 Clemens Adelmann and Arne Winterhof Proposition 1. For M 3 let be a set of ordered reals, 0 < a 1 < a 2 <... < a M g : {a 1, a 2,..., a M 1 } R, h : {a 2, a 3,..., a M } R, real valued functions, and G the unique interpolation polynomial of g of degree at most M 2. Let f R[X] be a polynomial satisfying f(a i a j ) = g(a i )h(a j ), 1 i < j M. If there exist 1 i < j M 1 such that ( ) ai a j G h(a M ) g(a i )h(a j ) (3) a M then we have deg(f) M 1, C ± (f) ( ) 1/2 1 log(m 1) C ± (G) 1, 5 and if f(a M X) h(a M )G(X) Q[X] and a 1,..., a M 1 Q then we have ( ) log(m) C ± (f) + C ± (G) = Ω. log log(m) Proof. The polynomial F (X) = f(a M X) G(X)h(a M ) (4) is not identically zero by (3) and has zeros at a 1,..., a M 1. So we have max(deg(f), M 2) max(deg(f), deg(g)) deg(f ) M 1 by Lemma 1 and thus deg(f) M 1. By Lemma 2 and observing that C ± (F ) C ± (f) + C ± (G) + 1 we obtain our second assertion. The third assertion follows by Lemma 3 if we multiply (4) with the least common denominator of the coefficients of F. Condition (3) in Proposition 1 is necessary and natural. For example, if the given values are g(a i ) = h(a i ) = a n i, i = 1,..., M,
5 Interpolation of Functions Related to the Integer Factoring Problem 5 with M n + 2, they determine the interpolation polynomial f(x) = X n of degree n M 2 having additive complexity 0. However, the interpolation polynomial of g is G(X) = X n and we have ( ) ai a j G h(a M ) = a n i a n j = g(a i )h(a j ), 1 i < j M 1, a M contradicting (3). On the other hand, if g and h are polynomials of small degree with respect to M, then (3) being not valid implies that g(x)h(y ) = g(xy/a M )h(a M ) by Lemma 1. Hence, for each fixed curve Y = N/X the polynomial g(x)h(n/x) is constant and (2) cannot be used to determine the factorization of N. Proposition 1 provides lower bounds on degree and additive complexity of real polynomials f interpolating several well-known functions, as generalizations of Euler s totient function and generalized divisor sums ϕ n (pq) = (p n 1)(q n 1), n 0, (5) σ n (pq) = (p n + 1)(q n + 1), n 0, (6) but also factoring functions ψ n,m of the form ψ n,m (pq) = p n q m, n m, (7) where n and m are nonnegative integers and p and q are primes with p < q. Theorem 1. For M 3 let p 1 < p 2 <... < p M be a set of primes and F a function of the form (5), (6), or (7). Let f R[X] be a polynomial satisfying f(p i p j ) = F (p i p j ), 1 i < j M. Then we have and C ± (f) deg(f) M 1 ( ) 1/2 1 log (M 1) 2. 5 Proof. Since the functions (( a ) n ) h n (X) = 1 (X n 1), a > 0, n = 1, 2,..., X are decreasing for x > a we have for all 1 i < j < k M, (( pi p j p k ) n 1) (p n k 1) < (p n i 1)(p n j 1)
6 6 Clemens Adelmann and Arne Winterhof and (3) is satisfied in case of generalizations of Euler s totient function. Since h n (X) = are increasing for x > a we have (( pi p j (( a X ) n + 1 ) (X n + 1), a > 0, n = 1, 2,..., p k ) n + 1) (p n k + 1) > (p n i + 1)(p n j + 1) and (3) is satisfied in case of generalized divisor sums. Trivially, we have ( pi p j p k ) n p m k p n i p m j for all n m and (3) is satisfied in case of factoring functions. Now the Theorem follows by Proposition 1. Proposition 1 does not apply to the Carmichael function λ(n) = ϕ(n) gcd(p 1, q 1), N = pq, with two odd primes p q, which can also be used to factorize N. We first study how λ can be used to factor N. Proposition 2. Let N = pq be a product of two unknown odd primes p < q and put = N/λ(N). Then either = p or p and q are the solutions of the quadratic equation X 2 + ( λ(n) N 1)X + N = 0. Proof. Put g = gcd(p 1, q 1). Then we have N λ(n) 2g p 1 < g < N λ(n) 2g q 1. If g = p 1, then we have N/λ(N) = p + p/(q 1), such that = p. If g (p 1)/2, then the above inequalities give N/λ(N) 1 < g < N/λ(N) and thus = g. Hence in this case we have ϕ(n) = λ(n) and can determine p and q from the quadratic equation (1). Next we prove an analog of Theorem 1 for the Carmichael function. Let τ(x) denote the number of positive divisors of an integer x.
7 Interpolation of Functions Related to the Integer Factoring Problem 7 Theorem 2. For M 3 let p 1 < p 2 <... < p M be a set of primes and f R[X] be a polynomial satisfying f(p i p j ) = (p i 1)(p j 1) gcd(p i 1, p j 1), 1 i < j M. Put T = min 1 i M τ(p i 1). Then we have deg(f) M 1 T and ( ( )) 1/2 1 M 1 C ± (f) 5 log 2. T Proof. Choose 1 k M with τ(p k 1) = min τ(p i 1). 1 i M For each divisor d of p k 1 we define a polynomial F d (X) = f(p k X) (X 1)(p k 1). d Then each p i with 1 i M and i k is a zero of at least one F d. These polynomials are not identically zero. Otherwise, for three different primes p i, p j, p k, F d (p i p j /p k ) = 0 yields a monic quadratic equation in p k with constant term p i p j, and the only possible integral solutions p k have to be divisors of p i p j, which is impossible by assumption. Now the result follows analogously to the proof of Proposition 1 by the pigeon hole principle. Remark. The dependence of the result on T may indicate that factoring integers N = pq is easier if p 1 and q 1 are smooth which fits to the expected running time of Pollard s p 1 factoring algorithm. On the other hand the expected running time of the (in general faster) number field sieve does not depend on the factorization of p 1 and q 1. 4 Interpolation of the RSA-Function The RSA problem is the following: Given a positive integer N that is a product of two distinct odd primes p and q, a positive integer e such that gcd(e, (p 1)(q 1)) = 1, and an integer c, find an integer m such that m e c mod N. In other words, if d is an (unknown) integer with ed 1 mod (p 1)(q 1) then we have to evaluate the mapping f(x) = x d in c. The following result excludes the existence of very simple interpolation polynomials of this mapping in the case of low public exponent e.
8 8 Clemens Adelmann and Arne Winterhof Theorem 3. Let N = pq be the product of two odd primes with p < q. Choose integers d, e > 1 such that ed 1 mod (p 1)(q 1). Let S Z N be a set of size s 2. If f(x) = m i=0 a ix i Z[X] is a polynomial with degree m < (q 1)/e and gcd(a 0,..., a m, N) = 1 which satisfies f(x) x d mod N for all x S, then we have ( ) s deg(f) max e(p 1), s1/2 e and ( ) 1/e s w(f). (p 1)(q 1) s Proof. Put F (X) = f(x) e X. Since s 2 and e > 1 the interpolation polynomial f(x) is not constant and we have deg(f ) = e deg(f). For n 1 let Z n (F ) denote the number of different zeros of F mod n lying in Z n. We have Z pq (F ) = Z p (F )Z q (F ) by the Chinese Remainder Theorem. From our conditions on f we infer that deg(f ) < q 1. Thus s Z p (F )Z q (F ) (p 1)Z q (F ) (p 1) deg(f ) = e(p 1) deg(f). If s < (p 1) 2 then we may assume deg(f ) = e deg(f) < p 1 and get s Z p (F )Z q (F ) (deg(f )) 2 = (e deg(f)) 2. By Lemma 4 and the same arguments we get w(f ) q 1 q 1 Z q (F ) q 1 (p 1)(q 1) = q 1 s/(p 1) (p 1)(q 1) s, and the last statement is a consequence of w(f ) (w(f)) e + 1. If d is small then e has to be large and the lower bounds become very weak. In this case the attack of [42] for small d (see also [5, Section 3]) solves the RSAproblem. It should be also mentioned that for low public exponents e attacks on RSA are known [6, 7, 13]. 5 Some Related Results In [1] it was shown that if the discrete logarithm problem in Z N can be solved in polynomial time, then N can be factored in polynomial time, and the Diffie- Hellman problem in Z N is at least as difficult as the problem of factoring N. Most of the results on the discrete logarithm and the Diffie-Hellman mapping modulo a prime in [40] can be extended to composite moduli. Such results can also be regarded as complexity lower bounds on functions related to the factoring problem of the same flavour as in this paper.
9 Interpolation of Functions Related to the Integer Factoring Problem 9 The linear complexity of several sequences related to the factoring problem including RSA-generator, Blum-Blum-Shub-generator, and two prime generator was investigated in [4, 9, 12, 39]. Finally, we mention that an analog of Theorem 3 for the LUC cryptosystem can be easily proven, where instead of monomial X d Dickson polynomials are used (see [28, 29, 41]). Acknowledgments Parts of this paper were written during a visit of the first author to RICAM. He wishes to thank the Austrian Academy of Sciences for hospitality and financial support. The second author is supported by the Austrian Academy of Sciences and by the Austrian Science Fund (FWF) grant S8313. We wish to thank Tanja Lange for helpful discussions. References 1. E. Bach, Discrete logarithms and factoring, Report No. UCB/CSD , Computer Science Division (EECS), University of California, Berkeley, California, N. Brandstätter, T. Lange, and A. Winterhof, Interpolation of the discrete logarithm in finite fields of characteristic two by Boolean functions (Extended abstract), Workshop on Coding and Cryptography (WCC) 2005, N. Brandstätter and A. Winterhof, Approximation of the discrete logarithm in finite fields of even characteristic by real polynomials, Preprint N. Brandstätter and A. Winterhof, Some notes on the two-prime generator, IEEE Trans. Inform. Theory., to appear. 5. D. Boneh, Twenty years of attacks on the RSA cryptosystem, Notices Amer. Math. Soc. 46 (1999), D. Boneh and R. Venkatesan, Breaking RSA may not be equivalent to factoring (extended abstract), Advances in cryptology EUROCRYPT 98 (Espoo), Lecture Notes in Comput. Sci. 1403, Springer, Berlin, 1998, D. Coppersmith, Finding a small root of univariate modular equation, Advances in cryptology EUROCRYPT 96 (Saragossa, 1996), Lecture Notes in Comput. Sci. 1070, Springer, Berlin, 1996, ,. 8. D. Coppersmith and I. Shparlinski, On polynomial approximation of the discrete logarithm and the Diffie-Hellman mapping, J. Cryptology 13 (2000), C. Ding, Linear complexity of generalized cyclotomic binary sequences of order 2, Finite Fields Appl. 3 (1997), C. Ding and T. Helleseth, On cyclotomic generator of order r, Inform. Process. Lett. 66 (1998), J. von zur Gathen and J. Gerhard, Modern Computer Algebra, Cambridge University Press, New York, F. Griffin and I. Shparlinski, On the linear complexity profile of the power generator, IEEE Trans. Inform. Theory 46 (2000), J. Hastad, Solving simultaneous modular equations of low degree, SIAM J. Comput. 17 (1988),
10 10 Clemens Adelmann and Arne Winterhof 14. E. Kiltz and A. Winterhof, Lower bounds on weight and degree of bivariate polynomials related to the Diffie-Hellman mapping, Bull. Austral. Math. Soc. 69 (2004), E. Kiltz and A. Winterhof, Polynomial interpolation of cryptographic functions related to Diffie-Hellman and discrete logarithm problem, Discrete Appl. Math., to appear. 16. S. Konyagin, T. Lange, and I. Shparlinski, Linear complexity of the discrete logarithm, Des. Codes Cryptogr. 28 (2003), T. Lange and A. Winterhof, Polynomial interpolation of the elliptic curve and XTR discrete logarithm, Proceedings of the 8th Annual International Computing and Combinatorics Conference (COCOON 02) (Singapore, 2002), Springer, 2002, T. Lange and A. Winterhof, Incomplete character sums over finite fields and their application to the interpolation of the discrete logarithm by Boolean functions, Acta Arith. 101 (2002), T. Lange and A. Winterhof, Interpolation of the discrete logarithm in F q by Boolean functions and by polynomials in several variables modulo a divisor of q 1, International Workshop on Coding and Cryptography (WCC 2001) (Paris), Discrete Appl. Math. 128 (2003), T. Lange and A. Winterhof, Interpolation of the elliptic curve Diffie-Hellman mapping, Lecture Notes in Comput. Sci. 2643, Springer, Berlin, 2003, E. El Mahassni and I. Shparlinski, Polynomial representations of the Diffie-Hellman mapping, Bull. Austral. Math. Soc. 63 (2001), W. Meidl and A. Winterhof, Lower bounds on the linear complexity of the discrete logarithm in finite fields, IEEE Trans. Inform. Theory 47 (2001), W. Meidl and A. Winterhof, A polynomial representation of the Diffie-Hellman mapping, Appl. Algebra Engrg. Comm. Comput. 13 (2002), G.C. Meletiou, Explicit form for the discrete logarithm over the field GF(p, k), Arch. Math. (Brno) 29 (1993), G.C. Meletiou, Explicit form for the discrete logarithm over the field GF(p, k), Bul. Inst. Politeh. Iaşi. Secţ. I. Mat. Mec. Teor. Fiz. 41(45) (1995), G. Meletiou and G.L. Mullen, A note on discrete logarithms in finite fields, Appl. Algebra Engrg. Comm. Comput. 3 (1992), A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of applied cryptography. With a foreword by Ronald L. Rivest, CRC Press Series on Discrete Mathematics and its Applications, CRC Press, Boca Raton, FL, W.B. Müller and W. Nöbauer, Some remarks on public-key cryptosystems, Studia Sci. Math. Hungar. 16 (1981) W.B. Müller and R. Nöbauer, Cryptanalysis of the Dickson-scheme, Lecture Notes in Comput. Sci. 219 (1985) G.L. Mullen and D. White, A polynomial representation for logarithms in GF(q), Acta Arith. 47 (1986), H. Niederreiter, A short proof for explicit formulas for discrete logarithms in finite fields, Appl. Algebra Engrg. Comm. Comput. 1 (1990), H. Niederreiter and A. Winterhof, Incomplete character sums and polynomial interpolation of the discrete logarithm, Finite Fields Appl. 8 (2002), J.-J. Risler, Hovansky s theorem and complexity theory. Ordered fields and real algebraic geometry (Boulder, Colo., 1983), Rocky Mountain J. Math. 14 (1984), J.-J. Risler, Additive complexity and zeros of real polynomials, SIAM J. Comput. 14 (1985),
11 Interpolation of Functions Related to the Integer Factoring Problem J.M. Rojas, Additive complexity and p-adic roots of polynomials, Lecture Notes in Comput. Sci. 2369, Springer, Berlin, 2002, J.M. Rojas, Arithmetic multivariate Descartes rule, Amer. J. Math. 126 (2004), T. Satoh, On degrees of polynomial interpolations related to elliptic curve cryptography (Extended abstract), Workshop on Coding and Cryptography (WCC) 2005, I. Shparlinski, Number theoretic methods in cryptography. Complexity lower bounds, Progress in Computer Science and Applied Logic, 17, Birkhäuser, Basel, I. Shparlinski, On the linear complexity of the power generator, Des. Codes Cryptogr. 23 (2001), I. Shparlinski, Cryptographic applications of analytic number theory. Complexity lower bounds and pseudorandomness, Progress in Computer Science and Applied Logic, 22, Birkhäuser, Basel, P. Smith and M. Lennon, LUC: a new public key system, in: Proceedings of the Ninth IFIP Int. Symp. on Computer Security, North Holland, 1993, M. Wiener, Cryptanalysis of short RSA secret exponents, IEEE Trans. Inform. Theory 36 (1990), A. Winterhof, A note on the interpolation of the Diffie-Hellman mapping, Bull. Austral. Math. Soc. 64 (2001), A. Winterhof, Polynomial interpolation of the discrete logarithm, Des. Codes Cryptogr. 25 (2002), A. Winterhof, A note on the linear complexity profile of the discrete logarithm in finite fields, Progress Comp. Sci. Appl. Logic 23 (2004),
Aitken and Neville Inverse Interpolation Methods over Finite Fields
Appl. Num. Anal. Comp. Math. 2, No. 1, 100 107 (2005) / DOI 10.1002/anac.200410027 Aitken and Neville Inverse Interpolation Methods over Finite Fields E.C. Laskari 1,3, G.C. Meletiou 2,3, and M.N. Vrahatis
More informationON THE INTERPOLATION OF BIVARIATE POLYNOMIALS RELATED TO THE DIFFIE-HELLMAN MAPPING. ElKE KlLTZ AND ARNE WlNTERHOF
BULL. AUSTRAL. MATH. SOC. VOL. 69 (2004) [305-315] 11TO6, 11T71, 68Q17 ON THE INTERPOLATION OF BIVARIATE POLYNOMIALS RELATE TO THE IFFIE-HELLMAN MAPPING ElKE KlLTZ AN ARNE WlNTERHOF We obtain lower bounds
More informationCarlitz Rank and Index of Permutation Polynomials
arxiv:1611.06361v1 [math.co] 19 Nov 2016 Carlitz Rank and Index of Permutation Polynomials Leyla Işık 1, Arne Winterhof 2, 1 Salzburg University, Hellbrunnerstr. 34, 5020 Salzburg, Austria E-mail: leyla.isik@sbg.ac.at
More informationOn the N th linear complexity of p-automatic sequences over F p
On the N th linear complexity of p-automatic sequences over F p László Mérai and Arne Winterhof Johann Radon Institute for Computational and Applied Mathematics Austrian Academy of Sciences Altenbergerstr.
More informationComputing the RSA Secret Key is Deterministic Polynomial Time Equivalent to Factoring
Computing the RSA Secret Key is Deterministic Polynomial Time Equivalent to Factoring Alexander May Faculty of Computer Science, Electrical Engineering and Mathematics University of Paderborn 33102 Paderborn,
More informationNON-LINEAR COMPLEXITY OF THE NAOR REINGOLD PSEUDO-RANDOM FUNCTION
NON-LINEAR COMPLEXITY OF THE NAOR REINGOLD PSEUDO-RANDOM FUNCTION William D. Banks 1, Frances Griffin 2, Daniel Lieman 3, Igor E. Shparlinski 4 1 Department of Mathematics, University of Missouri Columbia,
More informationIncomplete exponential sums over finite fields and their applications to new inversive pseudorandom number generators
ACTA ARITHMETICA XCIII.4 (2000 Incomplete exponential sums over finite fields and their applications to new inversive pseudorandom number generators by Harald Niederreiter and Arne Winterhof (Wien 1. Introduction.
More informationNew attacks on RSA with Moduli N = p r q
New attacks on RSA with Moduli N = p r q Abderrahmane Nitaj 1 and Tajjeeddine Rachidi 2 1 Laboratoire de Mathématiques Nicolas Oresme Université de Caen Basse Normandie, France abderrahmane.nitaj@unicaen.fr
More informationModular Multiplication in GF (p k ) using Lagrange Representation
Modular Multiplication in GF (p k ) using Lagrange Representation Jean-Claude Bajard, Laurent Imbert, and Christophe Nègre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier
More informationSolving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know?
Solving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know? Alexander May, Maike Ritzenhofen Faculty of Mathematics Ruhr-Universität Bochum, 44780 Bochum,
More informationA New Attack on RSA with Two or Three Decryption Exponents
A New Attack on RSA with Two or Three Decryption Exponents Abderrahmane Nitaj Laboratoire de Mathématiques Nicolas Oresme Université de Caen, France nitaj@math.unicaen.fr http://www.math.unicaen.fr/~nitaj
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationEvidence that the Diffie-Hellman Problem is as Hard as Computing Discrete Logs
Evidence that the Diffie-Hellman Problem is as Hard as Computing Discrete Logs Jonah Brown-Cohen 1 Introduction The Diffie-Hellman protocol was one of the first methods discovered for two people, say Alice
More informationOn transitive polynomials modulo integers
Notes on Number Theory and Discrete Mathematics Print ISSN 1310 5132, Online ISSN 2367 8275 Vol. 22, 2016, No. 2, 23 35 On transitive polynomials modulo integers Mohammad Javaheri 1 and Gili Rusak 2 1
More informationR. Popovych (Nat. Univ. Lviv Polytechnic )
UDC 512.624 R. Popovych (Nat. Univ. Lviv Polytechnic ) SHARPENING OF THE EXPLICIT LOWER BOUNDS ON THE ORDER OF ELEMENTS IN FINITE FIELD EXTENSIONS BASED ON CYCLOTOMIC POLYNOMIALS ПІДСИЛЕННЯ ЯВНИХ НИЖНІХ
More informationA new attack on RSA with a composed decryption exponent
A new attack on RSA with a composed decryption exponent Abderrahmane Nitaj and Mohamed Ould Douh,2 Laboratoire de Mathématiques Nicolas Oresme Université de Caen, Basse Normandie, France abderrahmane.nitaj@unicaen.fr
More informationarxiv: v1 [cs.cr] 25 Jul 2013
On the k-error linear complexity of binary sequences derived from polynomial quotients Zhixiong Chen School of Applied Mathematics, Putian University, Putian, Fujian 351100, P. R. China ptczx@126.com arxiv:1307.6626v1
More informationCHAPMAN & HALL/CRC CRYPTOGRAPHY AND NETWORK SECURITY ALGORITHMIC CR YPTAN ALY51S. Ant nine J aux
CHAPMAN & HALL/CRC CRYPTOGRAPHY AND NETWORK SECURITY ALGORITHMIC CR YPTAN ALY51S Ant nine J aux (g) CRC Press Taylor 8* Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor &
More informationGeneralized hyper-bent functions over GF(p)
Discrete Applied Mathematics 55 2007) 066 070 Note Generalized hyper-bent functions over GFp) A.M. Youssef Concordia Institute for Information Systems Engineering, Concordia University, Montreal, QC, H3G
More informationA New Generalization of the KMOV Cryptosystem
J Appl Math Comput manuscript No. (will be inserted by the editor) A New Generalization of the KMOV Cryptosystem Maher Boudabra Abderrahmane Nitaj Received: date / Accepted: date Abstract The KMOV scheme
More informationOleg Eterevsky St. Petersburg State University, Bibliotechnaya Sq. 2, St. Petersburg, , Russia
ON THE NUMBER OF PRIME DIVISORS OF HIGHER-ORDER CARMICHAEL NUMBERS Oleg Eterevsky St. Petersburg State University, Bibliotechnaya Sq. 2, St. Petersburg, 198904, Russia Maxim Vsemirnov Sidney Sussex College,
More informationOn components of vectorial permutations of F n q
On components of vectorial permutations of F n q Nurdagül Anbar 1, Canan Kaşıkcı 2, Alev Topuzoğlu 2 1 Johannes Kepler University, Altenbergerstrasse 69, 4040-Linz, Austria Email: nurdagulanbar2@gmail.com
More informationTHE RSA CRYPTOSYSTEM
THE RSA CRYPTOSYSTEM SILVIA ROBLES Abstract. This paper explores the history and mathematics behind the RSA cryptosystem, including the idea of public key cryptosystems and number theory. It outlines the
More informationA NEW ATTACK ON RSA WITH A COMPOSED DECRYPTION EXPONENT
A NEW ATTACK ON RSA WITH A COMPOSED DECRYPTION EXPONENT Abderrahmane Nitaj 1 and Mohamed Ould Douh 1,2 1 Laboratoire de Mathématiques Nicolas Oresme, Université de Caen, Basse Normandie, France Université
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationSafer parameters for the Chor-Rivest cryptosystem
Safer parameters for the Chor-Rivest cryptosystem L. Hernández Encinas, J. Muñoz Masqué and A. Queiruga Dios Applied Physics Institute, CSIC C/ Serrano 144, 28006-Madrid, Spain {luis, jaime, araceli}@iec.csic.es
More informationModular Reduction without Pre-Computation for Special Moduli
Modular Reduction without Pre-Computation for Special Moduli Tolga Acar and Dan Shumow Extreme Computing Group, Microsoft Research, Microsoft One Microsoft Way, Redmond, WA 98052, USA {tolga,danshu}@microsoft.com
More informationFactorization of integer-valued polynomials with square-free denominator
accepted by Comm. Algebra (2013) Factorization of integer-valued polynomials with square-free denominator Giulio Peruginelli September 9, 2013 Dedicated to Marco Fontana on the occasion of his 65th birthday
More informationNew Variant of ElGamal Signature Scheme
Int. J. Contemp. Math. Sciences, Vol. 5, 2010, no. 34, 1653-1662 New Variant of ElGamal Signature Scheme Omar Khadir Department of Mathematics Faculty of Science and Technology University of Hassan II-Mohammedia,
More informationCryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages
Cryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages MEI-NA WANG Institute for Information Industry Networks and Multimedia Institute TAIWAN, R.O.C. myrawang@iii.org.tw SUNG-MING
More informationOn the Security of Multi-prime RSA
On the Security of Multi-prime RSA M. Jason Hinek David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, N2L 3G, Canada mjhinek@alumni.uwaterloo.ca June 3, 2006 Abstract.
More informationMultiplicative Order of Gauss Periods
Multiplicative Order of Gauss Periods Omran Ahmadi Department of Electrical and Computer Engineering University of Toronto Toronto, Ontario, M5S 3G4, Canada oahmadid@comm.utoronto.ca Igor E. Shparlinski
More informationOn the Security of Diffie Hellman Bits
On the Security of Diffie Hellman Bits Maria Isabel González Vasco and Igor E. Shparlinski Abstract. Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a hidden element
More informationLecture 14: Hardness Assumptions
CSE 594 : Modern Cryptography 03/23/2017 Lecture 14: Hardness Assumptions Instructor: Omkant Pandey Scribe: Hyungjoon Koo, Parkavi Sundaresan 1 Modular Arithmetic Let N and R be set of natural and real
More informationDistributed computation of the number. of points on an elliptic curve
Distributed computation of the number of points on an elliptic curve over a nite prime eld Johannes Buchmann, Volker Muller, Victor Shoup SFB 124{TP D5 Report 03/95 27th April 1995 Johannes Buchmann, Volker
More informationDifferential properties of power functions
Differential properties of power functions Céline Blondeau, Anne Canteaut and Pascale Charpin SECRET Project-Team - INRIA Paris-Rocquencourt Domaine de Voluceau - B.P. 105-8153 Le Chesnay Cedex - France
More informationOn the Distribution of the Subset Sum Pseudorandom Number Generator on Elliptic Curves
On the Distribution of the Subset Sum Pseudorandom Number Generator on Elliptic Curves Simon R. Blacburn Department of Mathematics Royal Holloway University of London Egham, Surrey, TW20 0EX, UK s.blacburn@rhul.ac.u
More informationAnother Generalization of Wiener s Attack on RSA
Another Generalization of Wiener s Attack on RSA Abderrahmane Nitaj Laboratoire de Mathématiques Nicolas Oresme Université de Caen, France BP 586, 4032 Caen Cedex, France http://www.math.unicaen.fr/~nitaj
More informationPseudorandom Sequences I: Linear Complexity and Related Measures
Pseudorandom Sequences I: Linear Complexity and Related Measures Arne Winterhof Austrian Academy of Sciences Johann Radon Institute for Computational and Applied Mathematics Linz Carleton University 2010
More informationModern Computer Algebra
Modern Computer Algebra JOACHIM VON ZUR GATHEN and JURGEN GERHARD Universitat Paderborn CAMBRIDGE UNIVERSITY PRESS Contents Introduction 1 1 Cyclohexane, cryptography, codes, and computer algebra 9 1.1
More informationNumber Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.
CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L06, Steve/Courses/2011/S2/CSS322/Lectures/number.tex,
More informationChapter 4 Asymmetric Cryptography
Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman [NetSec/SysSec], WS 2008/2009 4.1 Asymmetric Cryptography General idea: Use two different keys -K and +K for
More informationAn Approach to Hensel s Lemma
Irish Math. Soc. Bulletin 47 (2001), 15 21 15 An Approach to Hensel s Lemma gary mcguire Abstract. Hensel s Lemma is an important tool in many ways. One application is in factoring polynomials over Z.
More informationAsymmetric Cryptography
Asymmetric Cryptography Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman General idea: Use two different keys -K and +K for encryption and decryption Given a
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationNumber Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers
Number Theory: Applications Number Theory Applications Computer Science & Engineering 235: Discrete Mathematics Christopher M. Bourke cbourke@cse.unl.edu Results from Number Theory have many applications
More informationON PERMUTATION POLYNOMIALS OF PRESCRIBED SHAPE
ON PERMUTATION POLYNOMIALS OF PRESCRIBED SHAPE AMIR AKBARY, DRAGOS GHIOCA, AND QIANG WANG Abstract. We count permutation polynomials of F q which are sums of m + 2 monomials of prescribed degrees. This
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationPollard s Rho Algorithm for Elliptic Curves
November 30, 2015 Consider the elliptic curve E over F 2 k, where E = n. Assume we want to solve the elliptic curve discrete logarithm problem: find k in Q = kp. Partition E into S 1 S 2 S 3, where the
More informationOn the existence of primitive completely normal bases of finite fields
On the existence of primitive completely normal bases of finite fields Theodoulos Garefalakis a, Giorgos Kapetanakis b, a Department of Mathematics and Applied Mathematics, University of Crete, Voutes
More informationElGamal type signature schemes for n-dimensional vector spaces
ElGamal type signature schemes for n-dimensional vector spaces Iwan M. Duursma and Seung Kook Park Abstract We generalize the ElGamal signature scheme for cyclic groups to a signature scheme for n-dimensional
More informationOn sunlet graphs connected to a specific map on {1, 2,..., p 1}
Annales Mathematicae et Informaticae 49 (018) pp. 101 107 doi: 10.33039/ami.018.05.00 http://ami.uni-eszterhazy.hu On sunlet graphs connected to a specific map on {1,,..., p 1} Omar Khadir a, László Németh
More informationSecurity Level of Cryptography Integer Factoring Problem (Factoring N = p 2 q) December Summary 2
Security Level of Cryptography Integer Factoring Problem (Factoring N = p 2 ) December 2001 Contents Summary 2 Detailed Evaluation 3 1 The Elliptic Curve Method 3 1.1 The ECM applied to N = p d............................
More informationInternational Electronic Journal of Pure and Applied Mathematics IEJPAM, Volume 9, No. 1 (2015)
International Electronic Journal of Pure and Applied Mathematics Volume 9 No. 1 2015, 37-43 ISSN: 1314-0744 url: http://www.e.ijpam.eu doi: http://dx.doi.org/10.12732/iejpam.v9i1.5 ON CONSTRUCTION OF CRYPTOGRAPHIC
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 8 February 1, 2012 CPSC 467b, Lecture 8 1/42 Number Theory Needed for RSA Z n : The integers mod n Modular arithmetic GCD Relatively
More informationDONG QUAN NGOC NGUYEN
REPRESENTATION OF UNITS IN CYCLOTOMIC FUNCTION FIELDS DONG QUAN NGOC NGUYEN Contents 1 Introduction 1 2 Some basic notions 3 21 The Galois group Gal(K /k) 3 22 Representation of integers in O, and the
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 13 (rev. 2) Professor M. J. Fischer October 22, 2008 53 Chinese Remainder Theorem Lecture Notes 13 We
More informationA. Algebra and Number Theory
A. Algebra and Number Theory Public-key cryptosystems are based on modular arithmetic. In this section, we summarize the concepts and results from algebra and number theory which are necessary for an understanding
More informationLECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS
LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several
More informationSummation polynomials and the discrete logarithm problem on elliptic curves
Summation polynomials and the discrete logarithm problem on elliptic curves Igor Semaev Department of Mathematics University of Leuven,Celestijnenlaan 200B 3001 Heverlee,Belgium Igor.Semaev@wis.kuleuven.ac.be
More informationRSA. Ramki Thurimella
RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationNotes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I
Number Theory: Applications Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry Fall 2007 Computer Science & Engineering 235 Introduction to Discrete Mathematics Sections 3.4 3.7 of Rosen cse235@cse.unl.edu
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationPseudorandom Sequences II: Exponential Sums and Uniform Distribution
Pseudorandom Sequences II: Exponential Sums and Uniform Distribution Arne Winterhof Austrian Academy of Sciences Johann Radon Institute for Computational and Applied Mathematics Linz Carleton University
More informationLooking beyond XTR. Postbus 9010, 6500 GL Nijmegen, The Netherlands 2 Thales e-security,
Looking beyond XTR Wieb Bosma 1, James Hutton 2, and Eric R. Verheul 3 1 Mathematisch Instituut, Universiteit Nijmegen Postbus 9010, 6500 GL Nijmegen, The Netherlands bosma@sci.kun.nl 2 Thales e-security,
More informationFinite fields and cryptology
Computer Science Journal of Moldova, vol.11, no.2(32), 2003 Ennio Cortellini Abstract The problem of a computationally feasible method of finding the discrete logarithm in a (large) finite field is discussed,
More informationOn the Linear Complexity of Legendre-Sidelnikov Sequences
On the Linear Complexity of Legendre-Sidelnikov Sequences Ming Su Nankai University, China Emerging Applications of Finite Fields, Linz, Dec. 12 Outline Motivation Legendre-Sidelnikov Sequence Definition
More informationA Variation of a Congruence of Subbarao for n = 2 α 5 β, α 0, β 0
Introduction A Variation of a Congruence of Subbarao for n = 2 α 5 β, α 0, β 0 Diophantine Approximation and Related Topics, 2015 Aarhus, Denmark Sanda Bujačić 1 1 Department of Mathematics University
More informationNumber Theory. Modular Arithmetic
Number Theory The branch of mathematics that is important in IT security especially in cryptography. Deals only in integer numbers and the process can be done in a very fast manner. Modular Arithmetic
More informationCryptanalysis of Unbalanced RSA with Small CRT-Exponent
Cryptanalysis of Unbalanced RSA with Small CRT-Exponent Alexander May Department of Mathematics and Computer Science University of Paderborn 3310 Paderborn, Germany alexx@uni-paderborn.de Abstract. We
More informationSection III.6. Factorization in Polynomial Rings
III.6. Factorization in Polynomial Rings 1 Section III.6. Factorization in Polynomial Rings Note. We push several of the results in Section III.3 (such as divisibility, irreducibility, and unique factorization)
More informationFast arithmetic and pairing evaluation on genus 2 curves
Fast arithmetic and pairing evaluation on genus 2 curves David Freeman University of California, Berkeley dfreeman@math.berkeley.edu November 6, 2005 Abstract We present two algorithms for fast arithmetic
More informationCryptography. Number Theory with AN INTRODUCTION TO. James S. Kraft. Lawrence C. Washington. CRC Press
AN INTRODUCTION TO Number Theory with Cryptography James S Kraft Gilman School Baltimore, Maryland, USA Lawrence C Washington University of Maryland College Park, Maryland, USA CRC Press Taylor & Francis
More informationAn Introduction to Probabilistic Encryption
Osječki matematički list 6(2006), 37 44 37 An Introduction to Probabilistic Encryption Georg J. Fuchsbauer Abstract. An introduction to probabilistic encryption is given, presenting the first probabilistic
More informationPublic Key Cryptography
Public Key Cryptography Ali El Kaafarani 1 Mathematical Institute 2 PQShield Ltd. 1 of 44 Outline 1 Public Key Encryption: security notions 2 RSA Encryption Scheme 2 of 44 Course main reference 3 of 44
More informationOn Permutation Polynomials over Local Finite Commutative Rings
International Journal of Algebra, Vol. 12, 2018, no. 7, 285-295 HIKARI Ltd, www.m-hikari.com https://doi.org/10.12988/ija.2018.8935 On Permutation Polynomials over Local Finite Commutative Rings Javier
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationPseudo-random Number Generation. Qiuliang Tang
Pseudo-random Number Generation Qiuliang Tang Random Numbers in Cryptography The keystream in the one-time pad The secret key in the DES encryption The prime numbers p, q in the RSA encryption The private
More informationChallenges in Solving Large Sparse Linear Systems over Finite Fields
Abstract Challenges in Solving Large Sparse Linear Systems over Finite Fields Richard P. Brent 23 September 2005 This talk outlines how very large, sparse linear systems arise in the solution of problems
More informationSEMINAR SECURITY - REPORT ELLIPTIC CURVE CRYPTOGRAPHY
SEMINAR SECURITY - REPORT ELLIPTIC CURVE CRYPTOGRAPHY OFER M. SHIR, THE HEBREW UNIVERSITY OF JERUSALEM, ISRAEL FLORIAN HÖNIG, JOHANNES KEPLER UNIVERSITY LINZ, AUSTRIA ABSTRACT. The area of elliptic curves
More informationCryptanalysis of a Public Key Cryptosystem Proposed at ACISP 2000
Cryptanalysis of a Public Key Cryptosystem Proposed at ACISP 2000 Amr Youssef 1 and Guang Gong 2 1 Center for Applied Cryptographic Research Department of Combinatorics & Optimization 2 Department of Electrical
More informationNumber Theory in Cryptology
Number Theory in Cryptology Abhijit Das Department of Computer Science and Engineering Indian Institute of Technology Kharagpur October 15, 2011 What is Number Theory? Theory of natural numbers N = {1,
More informationA New Algorithm to Compute Terms in Special Types of Characteristic Sequences
A New Algorithm to Compute Terms in Special Types of Characteristic Sequences Kenneth J. Giuliani 1 and Guang Gong 2 1 Dept. of Mathematical and Computational Sciences University of Toronto at Mississauga
More informationNumber Theory and Group Theoryfor Public-Key Cryptography
Number Theory and Group Theory for Public-Key Cryptography TDA352, DIT250 Wissam Aoudi Chalmers University of Technology November 21, 2017 Wissam Aoudi Number Theory and Group Theoryfor Public-Key Cryptography
More informationRSA: Genesis, Security, Implementation & Key Generation
ECE 646 Lecture 8 RSA: Genesis, Security, Implementation & Key Generation Public Key (Asymmetric) Cryptosystems Public key of Bob - K B Private key of Bob - k B Network Alice Encryption Decryption Bob
More informationECE 646 Lecture 8. RSA: Genesis, Security, Implementation & Key Generation
ECE 646 Lecture 8 RSA: Genesis, Security, Implementation & Key Generation Public Key (Asymmetric) Cryptosystems Public key of Bob - K B Private key of Bob - k B Network Alice Encryption Decryption Bob
More informationGurgen Khachatrian Martun Karapetyan
34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian
More informationLecture 6: Cryptanalysis of public-key algorithms.,
T-79.159 Cryptography and Data Security Lecture 6: Cryptanalysis of public-key algorithms. Helsinki University of Technology mjos@tcs.hut.fi 1 Outline Computational complexity Reminder about basic number
More informationThe attack of the RSA Subgroup Assumption
The attack of the RSA Subgroup Assumption Jiang Weng 1,2, Yunqi Dou 1,2, and Chuangui Ma 1,2 1 Zhengzhou Information Science and Technology Institute,Zhengzhou 450002, China 2 State Key Laboratory of Mathematical
More informationDeterministic Polynomial Time Equivalence of Computing the RSA Secret Key and Factoring
Deterministic Polynomial Time Equivalence of Computing the RSA Secret Key and Factoring Jean-Sébastien Coron and Alexander May Gemplus Card International 34 rue Guynemer, 92447 Issy-les-Moulineaux, France
More informationHans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009. References. References
Hans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009 Die Unterlagen sind ausschliesslich zum persoenlichen Gebrauch der Vorlesungshoerer bestimmt. Die Herstellung von elektronischen
More informationExplicit solution of a class of quartic Thue equations
ACTA ARITHMETICA LXIV.3 (1993) Explicit solution of a class of quartic Thue equations by Nikos Tzanakis (Iraklion) 1. Introduction. In this paper we deal with the efficient solution of a certain interesting
More informationDeterministic Polynomial Time Equivalence between Factoring and Key-Recovery Attack on Takagi s RSA
Deterministic Polynomial Time Equivalence between Factoring and Key-Recovery Attack on Takagi s RSA Noboru Kunihiro 1 and Kaoru Kurosawa 2 1 The University of Electro-Communications, Japan kunihiro@iceuecacjp
More informationOn the power-free parts of consecutive integers
ACTA ARITHMETICA XC4 (1999) On the power-free parts of consecutive integers by B M M de Weger (Krimpen aan den IJssel) and C E van de Woestijne (Leiden) 1 Introduction and main results Considering the
More informationTHE DENOMINATORS OF POWER SUMS OF ARITHMETIC PROGRESSIONS. Bernd C. Kellner Göppert Weg 5, Göttingen, Germany
#A95 INTEGERS 18 (2018) THE DENOMINATORS OF POWER SUMS OF ARITHMETIC PROGRESSIONS Bernd C. Kellner Göppert Weg 5, 37077 Göttingen, Germany b@bernoulli.org Jonathan Sondow 209 West 97th Street, New Yor,
More information