A New Related Message Attack on RSA

A New Related Message Attack on RSA

Coppersmith, Franklin, Patarin, and Reiter show that given two RSA cryptograms xemod N and (ax+b)emod N for known constants a,b ∈ ℤN, one can compute x in O(elog 2e) ℤN-operations with some positive error probability. We show that given e cryptograms ci≡ (aix+bi)emod N, i=0,1,...e–1, for any known c...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Yacobi, Oded, Yacobi, Yacov
Format: Buchkapitel
Sprache:eng
Schlagworte:
Applied sciences
Cryptography
Exact sciences and technology
Information, signal and communications theory
Signal and communications theory
Telecommunications and information theory
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Coppersmith, Franklin, Patarin, and Reiter show that given two RSA cryptograms xemod N and (ax+b)emod N for known constants a,b ∈ ℤN, one can compute x in O(elog 2e) ℤN-operations with some positive error probability. We show that given e cryptograms ci≡ (aix+bi)emod N, i=0,1,...e–1, for any known constants ai,bi ∈ ℤN, one can deterministically compute x in O(e) ℤN-operations that depend on the cryptograms, after a pre-processing that depends only on the constants. The complexity of the pre-processing is O(elog 2e) ℤN-operations, and can be amortized over many instances. We also consider a special case where the overall cost of the attack is O(e) ℤN-operations. Our tools are borrowed from numerical-analysis and adapted to handle formal polynomials over finite-rings. To the best of our knowledge their use in cryptanalysis is novel.
ISSN:0302-9743
1611-3349
DOI:10.1007/978-3-540-30580-4_1