NEW ATTACKS ON TAKAGI CRYPTOSYSTEM


Journal of Algebra, Number Theory: Advances and Applications Volume 8 Number - 7 Pages 5-59 Available at htt://scntfcadvancscon DOI: htt://dxdoog/86/antaa_785

NEW ATTACKS ON TAKAGI CRYPTOSYSTEM

MUHAMMAD REZAL KAMEL ARIFFIN, SADIQ SHEHU and M. A. ASBULLAH

Al-Kindi Cryptography Research Laboratory, Institute for Mathematical Research, Universiti Putra Malaysia (UPM), Selangor, Malaysia

Department of Mathematics, Faculty of Science, Universiti Putra Malaysia (UPM), Selangor, Malaysia

e-mail: zal@umdumy sadshhuzz@gmalcom ma_asyaf@umdumy

Abstract

This paper proposes three new attacks on RSA-Takagi cryptosystem. The first attack is based on the equation X Y ( a b ) for suitable positive Y integers a b. We show that can be recovered among the convergents of the X continued fractions expansion of and leads to successful factorization of the prime power modulus in polynomial time. The second and third attack works upon public keys ( ) when there exist relations of the shape x y ( a b ) z or of the shape x y ( a b ) z where the parameters x x y y z are suitably small in terms of the prime factors of the moduli. Applying the LLL algorithm, we show that our strategy enables us to simultaneously factor the public key in polynomial time.

Mathematics Subject Classification: Y5

Keywords and phrases: prime power modulo, factorization, LLL algorithm, simultaneous Diophantine approximations, continued fractions.

Received June 7 7

Scientific Advances Publishers

Introduction

In recent years, modulus of the form have found many applications in cryptography. In [] Boneh et al. proposed an efficient algorithm for factoring modulus of the form and showed that the algorithm runs in polynomial time when is large ( log ). Hence it is expected that the factoring of the modulus will be intractable when the bound for is small. Fujioka et al. [5] used the modulus for in an electronic cash scheme. Okamoto and Uchiyama [5] used with in designing an elegant public key system. The cryptosystem developed by Takagi pushed in research in determining the security of the modulus. In [8] Takagi proposed a cryptosystem using modulus based on the RSA cryptosystem. He chooses an appropriate modulus which resists two of the fastest factoring algorithms, namely the number field sieve and the elliptic curve method. Applying the fast decryption algorithm modulo he showed that the decryption process of the proposed cryptosystems is faster than the RSA cryptosystem using Chinese remainder theorem, known as the Quisquater-Couvreur method.

In [7] Sarkar proved that using the lattice reduction techniques if 95 the decryption exponent d then one can factor the prime power modulus in polynomial time. Asbullah and Ariffin [] proved that by taking the term ( ) as a good approximation of φ ( ) satisfying the RSA key equation d k φ( ) one can yield the factorization of the prime power modulus (for more information see [] [6] [7]) in polynomial time.

Our first proposed attack uses the Legendre theorem, which enables us to find the convergent of the continued fractions that leads to the factorization of the modulus in polynomial time. The second and third attacks use lattice basis reduction. We are interested in the so called reduced basis of a lattice so as to yield factorization of the moduli K in polynomial time.

The remainder of this paper is organized as follows. In Section we give introduction to continued fractions, lattice basis reduction with some previous results. In Section we present the first attack and estimation of the size of the class of the exponents for which our attack applies. In Sections and 5 we give the second and third attacks. We also provide numerical example for all our attacks. We conclude this paper in Section 6.

Preliminaries

We start with definitions and important theorems concerning the continued fractions, lattice basis reduction techniques and some theorem from the previous attacks as well as some useful lemmas.

Continued fractions

Definition (Continued fractions). A continued fraction is an expression of the form a a O a m O [ a a K a ] m K where a is an integer and a n are positive integers for n. The a n are called the partial quotients of the continued fraction [].

Definition (Convergents). Let x R with x [ a a K am ]. For n m the n-th convergent of the continued fraction expansion of x is [ a a K a ] n.

Theorem (Legendre). Let x be a real positive number. If X and Y are positive integers such that gcd ( X Y ) and Y x X X then X Y is a convergent of the continued fraction expansion of x.

Definition (Lattice basis reductions). Let integers and m n be two positive n L b m R b n linearly independent vectors. A lattice b L spanned by { b L b m } is the set of all integer linear combinations of b L b that is m L L( b L b m ) αb α m. The b are called basis vectors of L and B b L bm is called a lattice basis for L. Thus the lattice generated by a basis B is the set of all integer linear combinations of the basis vectors in B.

The dimension (or rank) of a lattice, denoted dim( L ), is equal to the number of vectors making up the basis. The dimension of a lattice is equal to the dimension of the vector subspace spanned by B. A lattice is said to be full dimensional (or full rank) when dim( L ) n.

Theorem. Let L be a lattice of dimension ω with a basis v K v. The LLL algorithm produces a reduced basis b K bω satisfying ω b b K b ω( ω) ( ω ) det Lω for all ω.

An application of the LLL algorithm is that it provides a solution to the simultaneous Diophantine approximations problem, which is defined as follows. Let α K αn be n real numbers and ε be a real number such that ε. A classical theorem of Dirichlet asserts that there exist integers K n and a positive integer n ε such that α ε for n. A method to find simultaneous Diophantine approximations to rational numbers was described by []. In their work they considered a lattice with real entries. Below a similar result for a lattice with integer entries.

Theorem (Simultaneous Diophantine approximations [8]). There is a polynomial time algorithm, for given rational numbers α K αn and ε, to compute integers K n and a positive integer such that n( n) max α ε and

Lemma. Let Then be an RSA modulus prime power with

Proof. Suppose then multiplying by we get which implies that is. Also since then which in turn implies. Hence []

Lemma. Let be a prime power modulus with and b a be suitably small integers such that ( ) gcd b a. Also let ( ) b a S where b a then S ab

Proof. Set ( ) b a S. Then observe that (( ) ) ( )( ) b a b a b a S b ab z b a a b ab a b ab ab ab a ab b ab a ab b ab a ab b ab a ( ) ab b a. Hence we obtain ( ) > b a ab S ()

Then we divide () by we get S S ab ab ( a b ) ( a b ) ( a b ) a b 6 6 implies that ab S

The First Attack on Prime Power Moduli

In this section, we present a result based on continued fractions and show how to factor the prime power modulus if ( ) is a public key satisfying an equation X Y ( a b ) with small parameters X Y and where a b be a suitably small positive integer

and

Lemma. Let be a prime power modulus with a b be integers such that gcd ( a b). Let be a public key satisfying the equation X Y ( a b ) with gcd ( X Y ) if X ( a b ) then Y is among the convergents of the continued X fraction expansion of

Proof. Suppose that satisfies the equation X Y ( a b ) with X ( a b ) and gcd ( X Y ) we get. Then from the equation X Y ( a b ) when dividing by X Y X X Y X a b X. Assume that if X ( a b ) then a b X X hold, that is X ( a b ) X X( a b ) X( a b ) which implies X ( a b ) and by Theorem we conclude that X Y continued fraction expansion of is among the convergent of the

Theorem. Let be a prime power modulus with. Let a b be integers such that gcd ( a b) and let be a public key satisfying the equation X Y ( a b ) with gcd ( X Y ) if Y X and ( a b ) a b then for can be factored in polynomial time.

Proof. Suppose that satisfies an equation X Y ( a b ) with gcd ( X Y ) let X and satisfy the condition in Lemma then Y is among the convergent of the continued fraction expansion of X. Hence using X and Y we define S X Y and Lemma shows S that ab. It follows that gcd S

The following algorithm is designed to recover the prime factors for prime power modulus in polynomial time.

Algorithm

Input: The public key a ( ) satisfying and Theorem

Output: The two prime factors and

() Compute the continued fraction expansion of Y () For each convergent of X S () Compute () gcd S (5) If then compute S X Y

Example. The following shows an illustration of our attack for X 9 Y 8 a b given and as 6788858956689 857869957. Suppose that the public key ( ) satisfy all the condition as stated in the Theorem, from the above algorithm we first compute the continued fraction expansion of. The list of first convergents of the continued fraction expansion of are 7 8 59 996 785 7656 9 9 58 79 77699 565567 7 586 6987 9788 K 8985 9599. Therefore omitting the first and second entry and start with the convergent we obtain and S X Y 75787898676 S 957959676658. Hence gcd S ( 957959676658 6788858956689) 7 S. Also the convergent gives S and 9 with gcd S

8 Therefore we need to try for the next convergent, we obtain 9 S X Y 6755678 and S 6779966. We compute the gcd S ( 6779966 6788858956689) 77. Finally with 77 we compute 8557 which leads to the factorization of

Estimation of the number of s satisfying X Y ( a b )

We give an estimation of the number of the exponents which our attacks can be applied. Let for a b be integers such that α gcd ( a b). Let ( a b ) with α

Lemma 5. Let be a prime power modulus with. Let a b be integers such that gcd ( a b) and suppose that is a public exponent satisfying and two equation X Y ( a b ) and X Y ( a b ) with gcd ( X ) for Y Y X then X X Y Y ( a b )

Proof. Assume that the exponent satisfying the two equation Y ( a b ) and X Y ( a b ) with X gcd ( X ) for Y Y X. Therefore ( a b ) equating the term ( a b ) we get X Y X Y () implies X Y X Y ( X X ) ( Y ) Y ( X X ) ( Y Y ). Since we assume and Y X then ( X X ) X X therefore ( a b ) ( a b ) with gcd( ) and X X we obtain X X Y Y

Theorem 5. Let be a prime power modulus with. Let a b be suitably small integers such that gcd ( a b) and α ( a b ). The number of the exponents of the form ( a b ) X ( mod ) with gcd( X a b ) and X α is at least where > is arbitrarily small for suitably large

Proof. Let a b be suitably small integers such that gcd ( a b) α and ( a b ) α and let X. Let ξ denote the number of the exponents satisfying ( a b ) X (mod ) with gcd ( X a b ) and X α ξ X X gcd( X a b ) ()

Using the following result (see Nitaj [5] Lemma ) with and m X we get n a b X ( ) φ a b ( ) ( ) ω a b φ a b ω( a b ξ > X ) a b a b ()

Therefore ω( a b ) is the number of square free divisors of a b which is upper bounded by the total number τ ( a b ) of divisors of a b. Hence using the identity that τ ( n) satisfies τ ( n) O( log log n ) (see Hardy and Wright [6] Theorems -). It follows that the dominant term in () is n a b φ( a b ) a b X α and X gives Substituting this with ξ X ( ) α φ a b φ( ) a b a b α O α φ( a b )

Also on the other hand for n we have the following identity (see Hardy and Wright [6] Theorem 8) cn φ ( n ) > log log n where c is a positive constant. Taking n α a b implies that ξ α O α c α log log O ( ) where α satisfies log log suitably large and is arbitrarily small for

Remark. From the two distinct n-bit prime ( ) the resultant modulus is ( ) n-bit integer. Then we can observe that the number of exponents satisfying our attack is ( ) n( ). This proves that there are exponentially many exponents that satisfy our conditions in the Theorem 5

The Second Attack on Prime Power Moduli

In this section for moduli with the same size. We suppose in this scenario that the prime power moduli satisfying the equations x y ( a b ) z. We proved that it is possible to factor the moduli suitably small if the unknown parameters x y and z are

Theorem 6. For let be moduli. Let min. Let K be public exponents. Define δ ( ) α( ) ( ) where α. Let a b be suitably small α integers such that a b. If there exist an integer δ x and δ integers y and z such that ( x y a b ) z for K then one can factor the moduli K in polynomial time.

Proof. For and let be moduli. Let min and suppose that y and a b then the equation x y ( a b ) z can be written as δ α ( a b ) z x y (5) δ. Let min and suppose that y z α a then and b ( a b ) z ( a b ) z α α α

5 Substitute in to (5) to get α y x. Hence to show the existence of the integer x we let α ε with ( ) ( ) ( ) α δ then we have ε δα δ. Therefore since ( ) for we get ( ) ε δ. It follows that if δ x then ( ) x ε. Summarizing for K we have ( ) x y x ε ε. Hence it satisfies the conditions of Theorem and we can obtain x and y for K. Next using the equation ( ) z b a y x. Since z Then Lemma implies that S ab z with y x S for K we compute gcd S. Which leads to factorization of moduli K

Example. As an illustration to our attack on prime power moduli, we consider the following three prime power and three public exponents: 7597958956868555959896689858578 895759657967786798887799669979988 797777695895678967875696989 588698585965565576595797696 867796675857696889797995586895 96798997587899865598766855

Then min( ) 797777695895678 967875696989. Since and a b with α we get δ ( ) α( ) ( ) 5 α and ε 5587. Using Theorem with n we obtained C ( n )( n) n [ ε n ] 8965677. Consider the lattice L spanned by the matrix M [ C ] [ C ] [ C ] C C C. Therefore applying the LLL algorithm to L, we obtain the reduced basis with following matrix:

K 7 86788 766898 5875775 65567 969675 55867579 58789 778 568988 668596 97768 9887 9798 5666568 6999

Next we compute K M 7 86788 766898 5875775 67 9665786 5977 9799 558 879 9887 5 7 5659578 6858 69678

Then from the first row we obtained x 7 y 67 y 558 y 7. Hence using x and y for define S x y we get S 5698577656975575579 S 788576657965965 S 6989557759859658897. And Lemma implies that z ab S for which gives S S 97855578797767655858 678996558778656 S 7799797989699698

Therefore for we compute gcd S that is 5876779 75966 975679. Finally for we find hence 69879 777787 57555 which leads to the factorization of the moduli and

5 The Third Attack on Prime Power Moduli

We present an attack on the prime power moduli. For and we consider the scenario when the moduli satisfy equations of the form x y ( a b ) z for K with suitably small unknown parameters x y and z. Applying the LLL algorithm, we show that our approach enables us to factor the prime power moduli in polynomial time.

Theorem 7. For and let be moduli with the same size. Let K be public exponents with min β. Let β δ ( β α ) ( β α ) ( ) where α. Let a b be suitably integers such that a b α. If there exist an integer δ y and integers δ x such that x y ( a b ) z for K then one can factor the moduli K in polynomial time.

Proof. For and let be moduli. Then the equation x y ( a b ) z can be written as ( a b ) z y x (6). Let max and suppose that and a b then α y δ β z min ( a b ) z ( a b ) z β β α α β α β. Plugging in to (6) to get y x α β. Hence to show the existence of the integer y and integers x, we let β α ε with δ ( β α ) ( β α ) we get ( ) δ δ ε αβ

( ) Therefore since for we get. It follows that if y then K we have δ ( ) y ε ( ) δ ε. Summarizing for y x ( ) ε y ε. Hence it satisfies the conditions of Theorem and we can obtain y and x for K. Next from the equation x y ( a b ) z. Since z S Then Lemma implies that z ab with S x y for K we compute gcd S. Which leads to factorization of moduli K

Example. As an illustration to our attack on prime power moduli, we consider the following three prime power and three public exponents: 99867977778755667957997557 9687899766696598957856657666966785 67599867579796975555656897989779 6589857596796986955779587986 89685859988866559865598 9767686677859598677875568968

Then max( ) 8968585998886 β 6559865598. Also min ( ) with β 98. Since and a b with α we get ( β α ) ( β α ) δ 6 and ( ) αβ ε 777965. Using Theorem with n we obtained C ( n ) ( n) n [ n ε ] 9559. Consider the lattice L spanned by the matrix M [ C ] [ C ] [ C ] C C C. Therefore applying the LLL algorithm to L, we obtain the reduced basis with following matrix:

K 75 97 5898 967 785 78686 866 687995 98 7687768 75676 66858 8 5986 778 78

Next we compute K M 75 97 5898 967 9 97555 58877 6678 97 5977 86958 555 65855 85796

Then from the first row we obtained y 75 x 9 x x. Hence using x and y for define S x y we get S 9955956556856675578658 S 59659975865668588655565 S 695887559995659887985. And Lemma implies that z ab S for which gives S S S 6785977669857 9676966666766 9575866865695886

Therefore for we compute gcd S that is 9876759 5977 5867. Finally for we find hence 87987677 97599 755769 which leads to the factorization of the moduli and

6 Conclusion

We proposed the first attack based on the equation X Y ( a b ) for suitable positive integers a b. Using continued fraction, we show that X Y can be recovered among the convergents of the continued fractions expansion of. Furthermore, we show that the set of such weak exponents is relatively large, namely that the number is at least ε where ε is arbitrarily small for suitably large. Hence one can factor the prime power modulus in polynomial time. For we then present second and third attacks on the prime power moduli for K. The attacks work when public keys ( ) are such that there exist relations of the shape x y ( a b ) z or of the shape x y ( a b ) z where the parameters x x y y z are suitably small in terms of the prime factors of the moduli. Based on LLL algorithm, we show that our approach enables us to simultaneously factor the prime power moduli in polynomial time.

References

[] M. R. K. Ariffin and S. Shehu, New attacks on prime power RSA modulus, Asian Journal of Mathematics and Computer Research (6) 77-9

[] M. A. Asbullah and M. R. K. Ariffin, New attacks on RSA with modulus using continued fractions, Journal of Physics Conference Series Volume 6 No IOP Publishing 5

[] D. Boneh, G. Durfee and N. Howgrave-Graham, Factoring for large, Advances in Cryptology CRYPTO 99, Lecture Notes in Computer Science 59 (999) 6-7

[] J. Blömer and A. May, A generalized Wiener attack on RSA, In Public Key Cryptography - PKC, Lecture Notes in Computer Science 97 () -

[5] A. Fujioka, T. Okamoto and S. Miyaguchi, ESIGN: An efficient digital signature implementation for smart cards, Advances in Cryptology EURO-CRYPT 9, Springer-Verlag (99) 6-57

[6] G. H. Hardy and E. M. Wright, An Introduction to the Theory of Numbers, Oxford University Press, London 975

[7] J. Hinek, On the Security of Some Variants of RSA, PhD Thesis, Waterloo, Ontario, Canada 7

[8] N. Howgrave-Graham and J. P. Seifert, Extending Wiener's attack in the presence of many decrypting exponents, In Secure Networking-CQRE (Secure) 99 7 (999) 5-66

[9] A. K. Lenstra, H. W. Lenstra and L. Lovász, Factoring polynomials with rational coefficients, Mathematische Annalen 6 (98) 5-5

[] A. May, New RSA Vulnerabilities Using Lattice Reduction Methods, PhD Thesis, University of Paderborn

[] A. Nitaj, Diophantine and lattice cryptanalysis of the RSA cryptosystem, Artificial Intelligence, Evolutionary Computing and Metaheuristics, Springer Berlin Heidelberg () 9-68

[] A. Nitaj, Cryptanalysis of RSA using the ratio of the primes, Progress in Cryptology-AFRICACRYPT 9, Springer Berlin Heidelberg (9) 98-5

[] A. Nitaj, M. R. K. Ariffin, D. I. Nassr and H. M. Bahig, New attacks on the RSA cryptosystem, Progress in Cryptology-AFRICACRYPT, Springer International Publishing () 78-98

[] A. Nitaj, A New Vulnerable Class of Exponents in RSA

[5] T. Okamoto and S. Uchiyama, A new public-key cryptosystem as secure as factoring, Advances in Cryptology-EUROCRYPT 98, Springer-Verlag (998) 8-8

[6] R. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM () (978) -6

[7] S. Sarkar, Small secret exponent attack on RSA variant with modulus, Designs, Codes and Cryptography 7() () 8-9

[8] T. Takagi, Fast RSA-type cryptosystem modulo k, In Advances in Cryptology-Crypto 98, Springer (998) 8-6

[9] M. Wiener, Cryptanalysis of short RSA secret exponents, IEEE Transactions on Information Theory 6 (99) 55-558