A New Vulnerable Class of Exponents in RSA
|
|
- Charity Preston
- 7 years ago
- Views:
Transcription
1 A ew Vulnerable Class of Exponents in RSA Aberrahmane itaj Laboratoire e Mathmatiues icolas Oresme Universit e Caen, France nitaj@math.unicaen.fr Abstract Let = p be an RSA moulus, i.e. the prouct of two large unknown primes of eual bit-size. We consier the class of the public exponents satisfying an euation ex Y = (+bz with 0 < a <, b = [ ] (here [x] enotes the nearest integer to x an XZ < ( + b, an all prime factors of Z are less than Using the continue fraction algorithm an the Elliptic Curve Metho of factorization, we show that such exponents yiel the factorization of the RSA moulus. Further, we show that the number of such weak keys is at least ε log. Thus, our attack plies to a relatively large class of weak keys in RSA. Keywors: RSA, Cryptanalysis, Factorization, Continue Fraction Introuction Invente by Rivest, Shamir an Aleman in 977 [5], the RSA cryptosystem is most commonly use for proviing privacy an ensuring authenticity of igital ata. It is one of the most popular systems in use toay. Let = p be the prouct of two large primes of the same bit-size. Let e an be two positive integers satisfying e (mo φ( where φ( = (p ( is Euler s totient function. Commonly, is calle the RSA moulus, e the
2 encryption exponent an the ecryption exponent. The moular euation e (mo φ( is sometimes use as an euation e kφ( =, where k is some positive integer an is calle the RSA key euation. Since its publication, RSA has been analyze for vulnerability by various methos (see [3] an [9]. The security of RSA is base on the well known problem of factoring large integers, which is wiely believe to be intractable. If one can factor = p, then one can calculate φ( = (p ( an the private exponent by solving the congruence e (mo φ(. Conversely, the recovery of the private exponent is euivalent to factoring (see []. Many attacks are base on trying to solve the key euation e kφ( = for particular exponents. In 990, Wiener [6] showe that using continue fractions, one can efficiently recover the secret-exponent from the public key (, e as long as < 4. The number of such 3 exponents can be estimate as 4 ε where ε > 0 is arbitrarily small for large. The ε term correspons to the number of exponents such that gc(, φ(. The lattice-base Boneh-Durfee attack [4] an its variant given by Blömer an May [] exploit the non-linear euation satisfie by the secret key ( + k + s 0 (mo e, where k an s = p+ are unknown integers. This gives an attack that heuristically succees in polynomial-time when < 0.9 an the number of the exponents for which this attack works can be estimate as 0.9 ε. Base on the continue fraction algorithm an a theorem ue to Coppersmith [7], Blömer an May [] propose in 004 an attack on RSA ( using the variant euation ex + y = kφ( with x < 4 an y = O 3 4 ex. 3 They showe that such exponents are vulnerable an that their number is at least 3 4 ε. At Africacrypt 008, itaj presente an attack on the class of the exponents satisfying an euation ex (p u( vy = with [ Y X < 4 4, u < 4, v = u ], p u where [x] enotes the nearest integer to the real number x. Combining the continue fraction algorithm, Coppersmith s metho [7] an the Elliptic Curve Metho of factorization [0], he showe that p, can be foun if all the prime factors of p u or v are less than The number of such exponents are estimate as ε. In a similar irection, Maitra an Sarkar []
3 presente in 008 an attack using the euation ex ( pu vy = with suitably small parameters X, Y, u an v. In contrast of the previous attacks, this attack uses only the techniue of Coppersmith [7]. The number of such exponents are estimate as 3 4 ε. In 009, itaj [4] stuie the class of the exponents e satisfying ex ( ( + by = Z where a is an unknown b convergent of an X, Y, Z are suitably small integers. He showe that p such exponents form a weak class of size 3 4 ε. In this per, we introuce a new attack on RSA. The attack works for all public keys (, e satisfying an euation with b = ex Y = ( + bz, [ ], XZ < ( + b, where a is an unknown positive integer satisfying a < ([x] means the nearest integer of the real number x an all prime factors of Z are less than the Elliptic Curve Metho of factorization [0] boun B ECM = The new attack is base on the continue fraction algorithm an the Elliptic Curve Metho (ECM. In contrast to the previous attacks, it oes not make use of Coppersmith s techniue. We show that for integers X, a, b an Z within the given bouns, this attack yiels the factorization of the RSA moulus = p for the class of the public exponents e with the structure e ( + bzx (mo, where gc(x, (+bz =. Observe that this conition implies gc(x, Y = where Y satisfies ex Y = ( + bz. We show that the number of the exponents e with e < for which this metho works can be estimate as ε. The new attack works as follows. We use the continue fraction algorithm e to recover X an Y among the convergents of. Then we use the Elliptic Curve Metho to recover Z among the ivisors of ex Y. Afterwars, we fin p an using the euation + b = ex Y an the ineuality Z b <. This yiels the factorization of. The remainer of this per is organize as follows. In Section, we begin with some notations an a brief review of basic facts about the continue fraction algorithm an the Elliptic Curve Metho of factorization. In Section 3
4 3, we present some useful lemmas neee for the attack. In Section 4 we present our attack on RSA. In section 5, we estimate the size of the exponents that are weak with this attack. We conclue in Section 6. Preliminaries Let x be a real number. In this per, [x] enotes the nearest integer to x an x the largest integer less than or eual to x.. The Continue Fraction Algorithm Here we recall some facts from the theory of continue fractions. Let x 0 be a real number. Put x 0 = x an a 0 = x 0. Recursively, for n, if x n a n, efine x n = x n a n, a n = x n. For n, since 0 < x n a n <, then x n > an a n. This process is calle the continue fraction algorithm an yiels an expression of the form x = a 0 + a + a + which is calle the continue fraction expansion of x. This expression is often use in the form x = [a 0, a, a, ]. Any rational number a can be b expresse as a finite continue fraction x = [a 0, a, a,, a m ]. For i 0 (0 i m in the finite case, we efine the i th convergent of the continue fraction [a 0, a, a, ] to be [a 0, a, a,, a i ]. Each convergent is a rational number. The main results from the theory of continue fractions that we use in this per are the following two theorems (see, e.g. Theorem 64 an Theorem 84 of [8]. Theorem.. Let x be a real number. If Y is a convergent of x, then X x Y X < X., 4
5 Theorem.. Let x be a real number. If X an Y are coprime integers such that x Y X < X, then Y X is a convergent of x.. The Elliptic Curve Factorization Metho (ECM The Elliptic Curve Metho of factoring (ECM was originally propose by H.W. Lenstra [0] an subseuently extene by Brent [5], [6] an Montgomery []. The first part of the metho propose by Lenstra is calle Phase, an the extension by Brent an Montgomery is calle Phase. ECM is suite to fin small prime factors of large numbers. Let n be an integer with a prime factor p. Let E be a ranom elliptic curve efine over Z/nZ by a projective euation y z x 3 + axz + bz 3 (mo n, where (x : y : z P (Z/nZ, the projective plane over Z/nZ an a, b Z/nZ. The point at infinity is O = (0 : : 0. Let P E(Z/nZ. Let B an B be two bouns for prime numbers with B < B. Phase an phase of ECM work as follows: Phase : Calculate Q = (x Q : y Q : z Q = kp where k = B = prime log B e, e = log If the orer of E over Z/pZ ivies k, then Q coul be the point at infinity of E(Z/pZ, which means that z Q is a multiple of p. Thus p = gc(z Q, n. Phase : For each prime number k such that B < k < B, calculate Q = (x Q : y Q : z Q = kp an test if < gc(z Q, n < n. For similar reasons as in Phase, this can reveals a prime factor of n. Let M(n be the cost of one multiplication (mo n. Then ECM fins a factor p of n with the sub-exponentiel run time O ( { exp c log p log log p }. M(n, 5
6 where c is a constant. Accoring to Brent (see [6], the evolution of the ECM recor satisfies the euation Y 93.3 D =, 9.3 where D is the ecimal igits in the largest factor foun by ECM up to the ate Y. Extrolating, a 69-igit factor coul be foun in 00. In( [7], it is announce that a 73-igit prime factor of the special number 8 was foun by J. Bos, T. Kleinjung, A. Lenstra an P. Montgomery in 00. Conseuently, in this per, we consier that ECM is efficient to fin prime factors up to the the boun B ECM = Useful Lemmas In this section, we prove three useful lemmas. We begin by a very simple lemma on the size of the primes of the RSA moulus = p. Lemma 3.. Let = p be an RSA moulus with < p <. Then < < < p <. Proof. Multiplying < p < by p we get < p <, which gives < p <. Similarly, multiplying by we get < < which gives in turn < <. This terminates the proof. A key role in all our arguments is playe by the following lemma. Lemma 3.. Let [ ] = p be an RSA moulus with < p <. Let a be an integer an b =. Set S = + b. Then S ab = 4 S an b = S 4 4. [ ] Proof. Let a be an integer an let b =. Set S = + b. Since b, 6
7 then using Lemma 3., we get b <. On the other han, S 4ab = ( + b 4ab = ( b > 0. Hence 0 < S 4 ab = S 4ab = 4 S from which we euce ab = 4 ( b 4 < ( 4 = 6 <, accoring to the efinition of the floor function. On the other han, using again S 4ab = ( b > 0, we get b = S S 4ab = S 4. 4 This terminates the proof. We terminate with the following lemma which will be use for counting the number of exponents that are vulnerable to our attack. Lemma 3.3. Let m an n be positive integers. Then m φ(n n ω(n < m k= gc(k,n= < m φ(n n + ω(n, where ω(n is the number of istinct prime factors of n. Proof. Let µ( be the Möbius function which is efine by µ( =, µ( = 0 if is not suare-free an µ( = ( ω( if is suare-free where ω( is the number of istinct prime factors of. Then the Lengere Formula gives m k= gc(k,n= = n m µ(. 7
8 Since m m < m m µ( n +, then = n µ(= > n µ(= m µ( + n ( m µ( µ(= = µ( m n n µ(= > m µ( µ( n n = m φ(n n ω(n. The Möbius function satisfies (see 6.3. of [8] n µ( = φ(n n. + n µ(= m µ( µ( m It also satisfies n µ( = ω(n (Theorem 64 of [8]. It follows that m k= gc(k,n= > m φ(n n ω(n. 8
9 On the other han, using m m n m µ( = n µ(= < n µ(= = n < m n < m +, we get m µ( + m µ( n µ( m + µ( m + µ( µ(= n µ(= n µ(= + n = m φ(n n + ω(n. µ( where we use similar results. This conclues the proof. ( m µ( 4 The ew Class of Weak Keys in RSA In this section, we present a strategy to fin the prime factors p an of the moulus = p of an RSA instance with a public exponent e satisfying an euation ex Y = ( + bz for some a, b an Z satisfying 0 < a <, b = [ ], XZ < ( + b. otice that if X < 0 then e( X ( Y = ( + b( Z where X > 0. Thus, for symmetrical reason, we will consier only on the scenario when X > The ew Attack We begin by linking the solutions of the euation ex Y = ( + bz with the convergents of e. Theorem 4.. Let = p be an RSA[ moulus ] with < p <. Let a, b be integers such that 0 < a < an b =. Let e be an exponent satisfying 9
10 the euation ex Y = ( + bz. If gc(x, Y = an X Z < then Y is a convergent of e. X [ Proof. Assume 0 < a < an b = with X > 0. Then e Y X Assume X Z <, (+b ]. Suppose ex Y = ( + bz ( + bz =. X (+bz. Then <. From this we euce (+b X X e Y X < X, an by Theorem., we conclue that Y X continue fraction expansion of e. is one of the convergents of the otice that the continue fraction algorithm is a polynomial time algorithm an the number of convergents of is boune by O(log. This e results in a very efficient metho for fining the solution (X, Y in the euation ex Y = ( + bz. The following lemma shows how to fin the parameter Z assuming the efficiency of the Elliptic Curve metho. Lemma 4.. Let = p be an RSA moulus with < p <. Let e be an exponent satisfying the euation ex Y = (+bz with positive integers a, b where Y is a convergent of e. If all prime factors of Z are less than the X ECM-boun B ECM, then Z can be foun efficiently. Proof. Suppose e satisfies ex Y = ( + bz where Y is a convergent X e of an all prime factors of Z are less than B ECM. Set M = ex Y. Let p, p,, p k enote the istinct prime factors of M that are less than B ECM. Such primes can be efficiently etermine by plying ECM to M, namely, let M = M k i= p α i i, be the factorization of M where M = or M has no prime factor less than B ECM. By results of Hary an Ramanujan (see, e.g., Theorem 430 an Theorem 43 of [8], we know that, in average, the number of prime ivisors 0
11 of M is O(log log M if M is uniformly istribute. Since Y is a convergent X, then by Theorem., we have of e M = ( + b Z = ex Y < X. It follows that the average number of prime ivisors of M is boune by log log. On the other han, we know that M = ( + b Z where Z is B ECM -smooth. Hence Z is a ivisor of k. Thus i= pα i i Z = k i= p x i i, with 0 x i α i. The number of ivisors of k i= pα i i is k i= ( + α i. evertheless, by results of Dirichlet on the istribution of ivisors of a ranom integer (see, e.g., Theorem 43 of [8], the number of ivisors of M is O(log M where M <. This shows that the average number of caniates for Z is polynomially boune by O(log. This results in an efficient way to fin Z epening the efficiency of ECM. Given X, Y an Z satisfying ex Y = ( + bz. The following theorem shows how to fin the remainer parameters, namely a, b, p an. Theorem 4.3. Let = p be an RSA moulus with < p <. Let e be a public exponent [ ] satisfying the euation ex Y = (+bz with 0 < a < an b =. If Y is a convergent of e an Z is a B X ECM-smooth integer, then p an can be foun in polynomial time. Proof. Suppose that e satisfies the euation ex Y = ( + bz with known parameters X, Y an Z where p,, a an b[ are] the unknown parameters. Assume in aition that 0 < a < an b =. Define By Lemma 3. we get S ab = 4 S = + b = ex Y Z S an b = S 4 4.
12 Combining with + b = S, we fin = S ± S 4 S 4. Since 0 < a <, we recover p using p = gc(,. Hence = p. Since every calculation can be one in polynomial time, this conclues the proof. ow, we give the factorization algorithm. Algorithm The new attack Input: a public key (, e satisfying = p, < p < an ex Y = (+bz for small parameters X, Y, Z where gc(x, Y =, 0 < a < [ an b = ]. Output: the prime factors p an. : Compute the continue fraction expansion of e. : For every convergent Y of e with X < o X 3: Compute M = ex Y an ply ECM to fin the B ECM -smooth part M 0 of M. 4: Compute the ivisors of M 0. 5: For every ivisor Z of M 0 with Z < o X 6: Compute S = M, S Z 0 = an D = S : If D then 8: Compute p = gc (, S+D. 9: If < p < then 0: Output p, =, Stop p : En if : En if 3: En for 4: En for 5 Estimation of Weak Keys In this section, we give a very conservative estimation of the number of exponents for which our attack works. To be more precise, let a be an
13 integer with 0 < a < an let b =. Define α such that + b = +α. Let us consier the number of exponents e satisfying an euation ex Y = + b, with gc(x, + b =, e < an X <. Observe that since (+b gc(x, =, then reucing the euation ex Y = + b moulo yiels e ( + bx (mo. We begin by the following result. It shows that for fixe a an b, ifferent parameters X, X with X, X < X < efine ifferent exponents e (+b, e of the esire form. Lemma 5.. Let = p be an RSA moulus with < p <. Let a an b be positive integers such that a < an b < p. For i =,, let e i be exponents satisfying e i < an e i X i Y i = + b with gc(x i, + b = an X i <. If X (+b X then e e. Proof. Suppose that for i =,, we have e i X i Y i = + b. Assume for contraiction that e = e. Then ( + bx ( + bx (mo, which can be rewritten as ( + b ( X X 0 (mo. otice that, since gc( + b, =, then X X 0 (mo an X X 0 (mo. On the other han, we have ( X X X + X < <. ( + b Hence X X = 0 an X = X. This terminates the proof. ow we present a result which will be reuire for counting the weak exponents e with the structure e ( + bx (mo where gc(x, ( + b = an X <. (+b 3
14 Lemma 5.. Let = p be an RSA moulus with [ < ] p <. Let a an b be fixe positive integers such that a < an b. Define α by +b = +α. The number of the exponents e of the form e (+bx (mo with gc(x, + b = an X < α is O ( α ε where ε > 0 is arbitrary small for suitably large. Proof. Let a be a positive integer. Define α by + b = +α an let X 0 = α. Let (a enote the number of the exponents e satisfying e ( + bx (mo with gc(x, + b = an X < α. We have ( (a = X 0 X= gc(x,+b= Using Lemma 3.3 with n = + b an m = X 0, we get ( X 0 φ( + b + b. ω(+b < (a < X 0 φ( + b + b + ω(+b, Here, ω(+b is the number of suare free ivisors of + b which is upper boune by the total number τ( + b of ivisors of + b. We recall that τ(n satisfies τ(n = O(log log n (Theorems of [8]. It follows that φ(+b the ominant term in ( is X 0. Using this with n = + b = +α +b an X 0 =, α this leas to (a = O ( α φ ( + b. On the other han, for n, we have (see Theorem 38 of [8] cn φ(n > log log n, where c is a positive constant. Taking n = + b = +α, this implies ( α (a = O = O ( log log +α α ε, where ε satisfies ε = log log an epens only on. This terminates the proof. 4
15 ow we are able to prove an estimation for the number of exponents for which our attack works. Actually, we give a very conservative [ ] estimation with a =. Observe that since < p <, then b = satisfies so that b = or b =. [ ] p, Theorem 5.3. Let = p be an RSA moulus with < p <. An estimation of the number of exponents e < such that e (p + X (mo is O ( ε where ε > 0 is arbitrarily small for suitably large. Proof. Let enote the number of exponents e < with the structure e (p + X (mo for some X <. Using Lemma 5., we get (p+ ( = O α ε where α satisfies p + = +α. Using Lemma 3., we get ( + < p + < ( +. It follows that α satisfies ( log + < α < log, p ( log +. log This implies that α is arbitrarily small for large. Conseuently, we get = O ( ε, where ε = ε + α is arbitrarily small for large. proof. This terminates the 6 Conclusion In this per, we stuie the class of exponents e satisfying an euation ex Y = ( + bz, 5
16 where X, Y, Z, a an b are integers satisfying [ ] 0 < a <, b =, X Z < ( + b, an all prime factors of Z are less than the Elliptic Curve Metho of factorization boun B ECM = Using the continue fraction algorithm an the Elliptic Curve Metho of factorization (ECM, we showe that such exponents are vulnerable an lea to the factorization of the RSA moulus = p. We also showe that the new class of weak exponents is sufficiently large since the size of this class can be estimate as ε where ε > 0 is arbitrary small for suitably large. References [] Blömer, J., May, A.: Low secret exponent RSA revisite. In: Silverman, J.H. (e. CaLC 00. LCS, vol. 46, pp. 49. Springer, Heielberg (00. [] Blömer, J., May, A.: A generalize Wiener attack on RSA. In Public Key Cryptogrhy - PKC 004, volume 947 of Lecture otes in Computer Science, Springer-Verlag (004, -3. [3] Boneh, D.: Twenty years of attacks on the RSA cryptosystem. otices of the American Mathematical Society (AMS 46 ( (999, [4] Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key less than 0.9, Avances in Cryptology Eurocrypt 99, Lecture otes in Computer Science Vol. 59, Springer-Verlag (999, -. [5] Brent, R.P.: Some integer factorization algorithms using elliptic curves, Australian Computer Science Communications, vol. 8 (986, [6] Brent, R.P.: Recent progress an prospects for integer factorisation algorithms, Springer-Verlag LCS 858 (000, 3. [7] Coppersmith, D.: Small solutions to polynomial euations, an low exponent RSA vulnerabilities. Journal of Cryptology, 0(4 (997,
17 [8] Hary, G.H., Wright, E.M.: An Introuction to the Theory of umbers. Oxfor University Press, Lonon (975. [9] Hinek, J.M.: Cryptanalysis of RSA an Its Variants, Chman & Hall/CRC Press (009. [0] Lenstra, H.W.: Factoring integers with elliptic curves, Annals of Mathematics, vol. 6 (987, [] Maitra, S., Sarkar, S.: Revisiting Wiener s Attack - ew Weak Keys in RSA. ISC 008 (008, [] Montgomery, P.L.: Speeing the Pollar an elliptic curve methos of factorization, Mathematics of Computation, vol. 48 (987, [3] itaj, A.: Another generalization of Wiener s attack on RSA, In: Vauenay, S. (e. Africacrypt 008. LCS, vol. 503, Springer, Heielberg (008, [4] itaj, A.: Cryptanalysis of RSA using the ratio of the primes, In: B. Preneel (E. Africacrypt 009, LCS 5580, 009. Springer-Verlag, Berlin Heielberg (009, [5] Rivest, R., Shamir A., Aleman, L.: A Metho for Obtaining Digital Signatures an Public-Key Cryptosystems, Communications of the ACM, Vol. ( (978, 0-6. [6] Wiener, M.: Cryptanalysis of short RSA secret exponents, IEEE Transactions on Information Theory, Vol. 36 (990, [7] Zimmermann, P.: 50 largest factors foun by ECM fr/~zimmerma/recors/top50.html. 7
International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013
FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,
More informationFactoring Dickson polynomials over finite fields
Factoring Dickson polynomials over finite fiels Manjul Bhargava Department of Mathematics, Princeton University. Princeton NJ 08544 manjul@math.princeton.eu Michael Zieve Department of Mathematics, University
More informationA Generalization of Sauer s Lemma to Classes of Large-Margin Functions
A Generalization of Sauer s Lemma to Classes of Large-Margin Functions Joel Ratsaby University College Lonon Gower Street, Lonon WC1E 6BT, Unite Kingom J.Ratsaby@cs.ucl.ac.uk, WWW home page: http://www.cs.ucl.ac.uk/staff/j.ratsaby/
More informationPythagorean Triples Over Gaussian Integers
International Journal of Algebra, Vol. 6, 01, no., 55-64 Pythagorean Triples Over Gaussian Integers Cheranoot Somboonkulavui 1 Department of Mathematics, Faculty of Science Chulalongkorn University Bangkok
More informationA Factoring and Discrete Logarithm based Cryptosystem
Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationMATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction
MATH 168: FINAL PROJECT Troels Eriksen 1 Introduction In the later years cryptosystems using elliptic curves have shown up and are claimed to be just as secure as a system like RSA with much smaller key
More informationThe Mathematical Cryptography of the RSA Cryptosystem
The Mathematical Cryptography of the RSA Cryptosystem Abderrahmane Nitaj Laboratoire de Mathématiques Nicolas Oresme Université de Caen, France abderrahmanenitaj@unicaenfr http://wwwmathunicaenfr/~nitaj
More informationMASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.436J/15.085J Fall 2008 Lecture 14 10/27/2008 MOMENT GENERATING FUNCTIONS
MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.436J/15.085J Fall 2008 Lecture 14 10/27/2008 MOMENT GENERATING FUNCTIONS Contents 1. Moment generating functions 2. Sum of a ranom number of ranom variables 3. Transforms
More informationSECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES
www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,
More informationPublic Key Cryptography: RSA and Lots of Number Theory
Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver
More informationIndex Calculation Attacks on RSA Signature and Encryption
Index Calculation Attacks on RSA Signature and Encryption Jean-Sébastien Coron 1, Yvo Desmedt 2, David Naccache 1, Andrew Odlyzko 3, and Julien P. Stern 4 1 Gemplus Card International {jean-sebastien.coron,david.naccache}@gemplus.com
More informationMath 230.01, Fall 2012: HW 1 Solutions
Math 3., Fall : HW Solutions Problem (p.9 #). Suppose a wor is picke at ranom from this sentence. Fin: a) the chance the wor has at least letters; SOLUTION: All wors are equally likely to be chosen. The
More informationA Comparison of Performance Measures for Online Algorithms
A Comparison of Performance Measures for Online Algorithms Joan Boyar 1, Sany Irani 2, an Kim S. Larsen 1 1 Department of Mathematics an Computer Science, University of Southern Denmark, Campusvej 55,
More informationDigital barrier option contract with exponential random time
IMA Journal of Applie Mathematics Avance Access publishe June 9, IMA Journal of Applie Mathematics ) Page of 9 oi:.93/imamat/hxs3 Digital barrier option contract with exponential ranom time Doobae Jun
More informationNEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES
NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,
More informationThe application of prime numbers to RSA encryption
The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered
More informationA New Evaluation Measure for Information Retrieval Systems
A New Evaluation Measure for Information Retrieval Systems Martin Mehlitz martin.mehlitz@ai-labor.e Christian Bauckhage Deutsche Telekom Laboratories christian.bauckhage@telekom.e Jérôme Kunegis jerome.kunegis@ai-labor.e
More information10.2 Systems of Linear Equations: Matrices
SECTION 0.2 Systems of Linear Equations: Matrices 7 0.2 Systems of Linear Equations: Matrices OBJECTIVES Write the Augmente Matrix of a System of Linear Equations 2 Write the System from the Augmente Matrix
More informationOn Adaboost and Optimal Betting Strategies
On Aaboost an Optimal Betting Strategies Pasquale Malacaria 1 an Fabrizio Smerali 1 1 School of Electronic Engineering an Computer Science, Queen Mary University of Lonon, Lonon, UK Abstract We explore
More informationLecture L25-3D Rigid Body Kinematics
J. Peraire, S. Winall 16.07 Dynamics Fall 2008 Version 2.0 Lecture L25-3D Rigi Boy Kinematics In this lecture, we consier the motion of a 3D rigi boy. We shall see that in the general three-imensional
More informationFirewall Design: Consistency, Completeness, and Compactness
C IS COS YS TE MS Firewall Design: Consistency, Completeness, an Compactness Mohame G. Goua an Xiang-Yang Alex Liu Department of Computer Sciences The University of Texas at Austin Austin, Texas 78712-1188,
More informationNote on some explicit formulae for twin prime counting function
Notes on Number Theory and Discrete Mathematics Vol. 9, 03, No., 43 48 Note on some explicit formulae for twin prime counting function Mladen Vassilev-Missana 5 V. Hugo Str., 4 Sofia, Bulgaria e-mail:
More informationCryptography and Network Security Chapter 9
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,
More informationSensitivity Analysis of Non-linear Performance with Probability Distortion
Preprints of the 19th Worl Congress The International Feeration of Automatic Control Cape Town, South Africa. August 24-29, 214 Sensitivity Analysis of Non-linear Performance with Probability Distortion
More informationStudy of algorithms for factoring integers and computing discrete logarithms
Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department
More information2r 1. Definition (Degree Measure). Let G be a r-graph of order n and average degree d. Let S V (G). The degree measure µ(s) of S is defined by,
Theorem Simple Containers Theorem) Let G be a simple, r-graph of average egree an of orer n Let 0 < δ < If is large enough, then there exists a collection of sets C PV G)) satisfying: i) for every inepenent
More informationPrimality Testing and Factorization Methods
Primality Testing and Factorization Methods Eli Howey May 27, 2014 Abstract Since the days of Euclid and Eratosthenes, mathematicians have taken a keen interest in finding the nontrivial factors of integers,
More informationA New Generic Digital Signature Algorithm
Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study
More informationAn intertemporal model of the real exchange rate, stock market, and international debt dynamics: policy simulations
This page may be remove to conceal the ientities of the authors An intertemporal moel of the real exchange rate, stock market, an international ebt ynamics: policy simulations Saziye Gazioglu an W. Davi
More informationLUC: A New Public Key System
LUC: A New Public Key System Peter J. Smith a and Michael J. J. Lennon b a LUC Partners, Auckland UniServices Ltd, The University of Auckland, Private Bag 92019, Auckland, New Zealand. b Department of
More informationBV has the bounded approximation property
The Journal of Geometric Analysis volume 15 (2005), number 1, pp. 1-7 [version, April 14, 2005] BV has the boune approximation property G. Alberti, M. Csörnyei, A. Pe lczyński, D. Preiss Abstract: We prove
More informationAlgebraic and Transcendental Numbers
Pondicherry University July 2000 Algebraic and Transcendental Numbers Stéphane Fischler This text is meant to be an introduction to algebraic and transcendental numbers. For a detailed (though elementary)
More informationSecurity Strength of RSA and Attribute Based Encryption for Data Security in Cloud Computing
Security Strength of RSA and Attribute Based Encryption for Data Security in Cloud Computing S.Hemalatha, Dr.R.Manickachezian Ph.D Research Scholar, Department of Computer Science, N.G.M College, Pollachi,
More informationFactoring N = p r q for Large r
Factoring N = p r q for Large r Dan Boneh 1,GlennDurfee 1, and Nick Howgrave-Graham 2 1 Computer Science Department, Stanford University, Stanford, CA 94305-9045 {dabo,gdurf}@cs.stanford.edu 2 Mathematical
More informationLecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay
Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie
More informationThe Quick Calculus Tutorial
The Quick Calculus Tutorial This text is a quick introuction into Calculus ieas an techniques. It is esigne to help you if you take the Calculus base course Physics 211 at the same time with Calculus I,
More informationRSA Encryption. Tom Davis tomrdavis@earthlink.net http://www.geometer.org/mathcircles October 10, 2003
RSA Encryption Tom Davis tomrdavis@earthlink.net http://www.geometer.org/mathcircles October 10, 2003 1 Public Key Cryptography One of the biggest problems in cryptography is the distribution of keys.
More informationArithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJ-PRG. R. Barbulescu Sieves 0 / 28
Arithmetic algorithms for cryptology 5 October 2015, Paris Sieves Razvan Barbulescu CNRS and IMJ-PRG R. Barbulescu Sieves 0 / 28 Starting point Notations q prime g a generator of (F q ) X a (secret) integer
More informationCONTINUED FRACTIONS AND FACTORING. Niels Lauritzen
CONTINUED FRACTIONS AND FACTORING Niels Lauritzen ii NIELS LAURITZEN DEPARTMENT OF MATHEMATICAL SCIENCES UNIVERSITY OF AARHUS, DENMARK EMAIL: niels@imf.au.dk URL: http://home.imf.au.dk/niels/ Contents
More informationLecture 13 - Basic Number Theory.
Lecture 13 - Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are non-negative integers. We say that A divides B, denoted
More informationISSN: 2277-3754 ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 3, Issue 12, June 2014
ISSN: 77-754 ISO 900:008 Certifie International Journal of Engineering an Innovative echnology (IJEI) Volume, Issue, June 04 Manufacturing process with isruption uner Quaratic Deman for Deteriorating Inventory
More informationCryptography and Network Security
Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared
More informationSensor Network Localization from Local Connectivity : Performance Analysis for the MDS-MAP Algorithm
Sensor Network Localization from Local Connectivity : Performance Analysis for the MDS-MAP Algorithm Sewoong Oh an Anrea Montanari Electrical Engineering an Statistics Department Stanfor University, Stanfor,
More informationModelling and Resolving Software Dependencies
June 15, 2005 Abstract Many Linux istributions an other moern operating systems feature the explicit eclaration of (often complex) epenency relationships between the pieces of software
More informationLecture 25: Pairing-Based Cryptography
6.897 Special Topics in Cryptography Instructors: Ran Canetti and Ron Rivest May 5, 2004 Lecture 25: Pairing-Based Cryptography Scribe: Ben Adida 1 Introduction The field of Pairing-Based Cryptography
More informationCHAPTER 5. Number Theory. 1. Integers and Division. Discussion
CHAPTER 5 Number Theory 1. Integers and Division 1.1. Divisibility. Definition 1.1.1. Given two integers a and b we say a divides b if there is an integer c such that b = ac. If a divides b, we write a
More informationDifferentiability of Exponential Functions
Differentiability of Exponential Functions Philip M. Anselone an John W. Lee Philip Anselone (panselone@actionnet.net) receive his Ph.D. from Oregon State in 1957. After a few years at Johns Hopkins an
More informationContinued Fractions. Darren C. Collins
Continued Fractions Darren C Collins Abstract In this paper, we discuss continued fractions First, we discuss the definition and notation Second, we discuss the development of the subject throughout history
More informationOptimal Control Of Production Inventory Systems With Deteriorating Items And Dynamic Costs
Applie Mathematics E-Notes, 8(2008), 194-202 c ISSN 1607-2510 Available free at mirror sites of http://www.math.nthu.eu.tw/ amen/ Optimal Control Of Prouction Inventory Systems With Deteriorating Items
More informationALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION
ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION Aldrin W. Wanambisi 1* School of Pure and Applied Science, Mount Kenya University, P.O box 553-50100, Kakamega, Kenya. Shem Aywa 2 Department of Mathematics,
More informationDiscrete Mathematics, Chapter 4: Number Theory and Cryptography
Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility
More informationMODELLING OF TWO STRATEGIES IN INVENTORY CONTROL SYSTEM WITH RANDOM LEAD TIME AND DEMAND
art I. robobabilystic Moels Computer Moelling an New echnologies 27 Vol. No. 2-3 ransport an elecommunication Institute omonosova iga V-9 atvia MOEING OF WO AEGIE IN INVENOY CONO YEM WIH ANOM EA IME AN
More informationMATH10040 Chapter 2: Prime and relatively prime numbers
MATH10040 Chapter 2: Prime and relatively prime numbers Recall the basic definition: 1. Prime numbers Definition 1.1. Recall that a positive integer is said to be prime if it has precisely two positive
More informationExponential Functions: Differentiation and Integration. The Natural Exponential Function
46_54.q //4 :59 PM Page 5 5 CHAPTER 5 Logarithmic, Eponential, an Other Transcenental Functions Section 5.4 f () = e f() = ln The inverse function of the natural logarithmic function is the natural eponential
More informationSection 3.3. Differentiation of Polynomials and Rational Functions. Difference Equations to Differential Equations
Difference Equations to Differential Equations Section 3.3 Differentiation of Polynomials an Rational Functions In tis section we begin te task of iscovering rules for ifferentiating various classes of
More informationA Tool Kit for Finding Small Roots of Bivariate Polynomials over the Integers
A Tool Kit for Finding Small Roots of Bivariate Polynomials over the Integers Johannes Blömer, Alexander May Faculty of Computer Science, Electrical Engineering and Mathematics University of Paderborn
More informationTwo Integer Factorization Methods
Two Integer Factorization Methods Christopher Koch April 22, 2014 Abstract Integer factorization methods are algorithms that find the prime divisors of any positive integer. Besides studying trial division
More informationMSc. Econ: MATHEMATICAL STATISTICS, 1995 MAXIMUM-LIKELIHOOD ESTIMATION
MAXIMUM-LIKELIHOOD ESTIMATION The General Theory of M-L Estimation In orer to erive an M-L estimator, we are boun to make an assumption about the functional form of the istribution which generates the
More informationPublic-Key Cryptanalysis 1: Introduction and Factoring
Public-Key Cryptanalysis 1: Introduction and Factoring Nadia Heninger University of Pennsylvania July 21, 2013 Adventures in Cryptanalysis Part 1: Introduction and Factoring. What is public-key crypto
More informationCryptosystem. Diploma Thesis. Mol Petros. July 17, 2006. Supervisor: Stathis Zachos
s and s and Diploma Thesis Department of Electrical and Computer Engineering, National Technical University of Athens July 17, 2006 Supervisor: Stathis Zachos ol Petros (Department of Electrical and Computer
More informationNotes on Network Security Prof. Hemant K. Soni
Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications
More informationAn Approach to Shorten Digital Signature Length
Computer Science Journal of Moldova, vol.14, no.342, 2006 An Approach to Shorten Digital Signature Length Nikolay A. Moldovyan Abstract A new method is proposed to design short signature schemes based
More informationDit proefschrift is goedgekeurd door de promotor: prof.dr.ir. H.C.A. van Tilborg Copromotor: dr. B.M.M. de Weger
Dit proefschrift is goedgekeurd door de promotor: prof.dr.ir. H.C.A. van Tilborg Copromotor: dr. B.M.M. de Weger CIP-DATA LIBRARY TECHNISCHE UNIVERSITEIT EINDHOVEN Jochemsz, Ellen Cryptanalysis of RSA
More informationAn Introduction to the RSA Encryption Method
April 17, 2012 Outline 1 History 2 3 4 5 History RSA stands for Rivest, Shamir, and Adelman, the last names of the designers It was first published in 1978 as one of the first public-key crytographic systems
More informationModule: Applied Cryptography. Professor Patrick McDaniel Fall 2010. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Applied Cryptography Professor Patrick McDaniel Fall 2010 Page 1 Key Distribution/Agreement Key Distribution is the process where we assign
More informationThe wave equation is an important tool to study the relation between spectral theory and geometry on manifolds. Let U R n be an open set and let
1. The wave equation The wave equation is an important tool to stuy the relation between spectral theory an geometry on manifols. Let U R n be an open set an let = n j=1 be the Eucliean Laplace operator.
More informationCh 10. Arithmetic Average Options and Asian Opitons
Ch 10. Arithmetic Average Options an Asian Opitons I. Asian Option an the Analytic Pricing Formula II. Binomial Tree Moel to Price Average Options III. Combination of Arithmetic Average an Reset Options
More informationMinimum-Energy Broadcast in All-Wireless Networks: NP-Completeness and Distribution Issues
Minimum-Energy Broacast in All-Wireless Networks: NP-Completeness an Distribution Issues Mario Čagal LCA-EPFL CH-05 Lausanne Switzerlan mario.cagal@epfl.ch Jean-Pierre Hubaux LCA-EPFL CH-05 Lausanne Switzerlan
More informationParameterized Algorithms for d-hitting Set: the Weighted Case Henning Fernau. Univ. Trier, FB 4 Abteilung Informatik 54286 Trier, Germany
Parameterize Algorithms for -Hitting Set: the Weighte Case Henning Fernau Trierer Forschungsberichte; Trier: Technical Reports Informatik / Mathematik No. 08-6, July 2008 Univ. Trier, FB 4 Abteilung Informatik
More informationInteger Factorization using the Quadratic Sieve
Integer Factorization using the Quadratic Sieve Chad Seibert* Division of Science and Mathematics University of Minnesota, Morris Morris, MN 56567 seib0060@morris.umn.edu March 16, 2011 Abstract We give
More informationPublic Key (asymmetric) Cryptography
Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,
More information1 if 1 x 0 1 if 0 x 1
Chapter 3 Continuity In this chapter we begin by defining the fundamental notion of continuity for real valued functions of a single real variable. When trying to decide whether a given function is or
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and
More informationBreaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring
Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring Eli Biham Dan Boneh Omer Reingold Abstract The Diffie-Hellman key-exchange protocol may naturally be extended to k > 2
More informationHow To Find Out How To Calculate Volume Of A Sphere
Contents High-Dimensional Space. Properties of High-Dimensional Space..................... 4. The High-Dimensional Sphere......................... 5.. The Sphere an the Cube in Higher Dimensions...........
More informationOn the coefficients of the polynomial in the number field sieve
On the coefficients of the polynomial in the number field sieve Yang Min a, Meng Qingshu b,, Wang Zhangyi b, Li Li a, Zhang Huanguo b a International School of Software, Wuhan University, Hubei, China,
More informationPrimality - Factorization
Primality - Factorization Christophe Ritzenthaler November 9, 2009 1 Prime and factorization Definition 1.1. An integer p > 1 is called a prime number (nombre premier) if it has only 1 and p as divisors.
More informationComputing exponents modulo a number: Repeated squaring
Computing exponents modulo a number: Repeated squaring How do you compute (1415) 13 mod 2537 = 2182 using just a calculator? Or how do you check that 2 340 mod 341 = 1? You can do this using the method
More informationELLIPTIC CURVES AND LENSTRA S FACTORIZATION ALGORITHM
ELLIPTIC CURVES AND LENSTRA S FACTORIZATION ALGORITHM DANIEL PARKER Abstract. This paper provides a foundation for understanding Lenstra s Elliptic Curve Algorithm for factoring large numbers. We give
More informationGame Theoretic Modeling of Cooperation among Service Providers in Mobile Cloud Computing Environments
2012 IEEE Wireless Communications an Networking Conference: Services, Applications, an Business Game Theoretic Moeling of Cooperation among Service Proviers in Mobile Clou Computing Environments Dusit
More informationFaster deterministic integer factorisation
David Harvey (joint work with Edgar Costa, NYU) University of New South Wales 25th October 2011 The obvious mathematical breakthrough would be the development of an easy way to factor large prime numbers
More informationBreaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and
Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study
More informationIntroduction to Integration Part 1: Anti-Differentiation
Mathematics Learning Centre Introuction to Integration Part : Anti-Differentiation Mary Barnes c 999 University of Syney Contents For Reference. Table of erivatives......2 New notation.... 2 Introuction
More informationMathematical Models of Therapeutical Actions Related to Tumour and Immune System Competition
Mathematical Moels of Therapeutical Actions Relate to Tumour an Immune System Competition Elena De Angelis (1 an Pierre-Emmanuel Jabin (2 (1 Dipartimento i Matematica, Politecnico i Torino Corso Duca egli
More informationFactoring pq 2 with Quadratic Forms: Nice Cryptanalyses
Factoring pq 2 with Quadratic Forms: Nice Cryptanalyses Phong Nguyễn http://www.di.ens.fr/~pnguyen & ASIACRYPT 2009 Joint work with G. Castagnos, A. Joux and F. Laguillaumie Summary Factoring A New Factoring
More informationLecture 13: Factoring Integers
CS 880: Quantum Information Processing 0/4/0 Lecture 3: Factoring Integers Instructor: Dieter van Melkebeek Scribe: Mark Wellons In this lecture, we review order finding and use this to develop a method
More informationMathematics Review for Economists
Mathematics Review for Economists by John E. Floy University of Toronto May 9, 2013 This ocument presents a review of very basic mathematics for use by stuents who plan to stuy economics in grauate school
More information2.1 Complexity Classes
15-859(M): Randomized Algorithms Lecturer: Shuchi Chawla Topic: Complexity classes, Identity checking Date: September 15, 2004 Scribe: Andrew Gilpin 2.1 Complexity Classes In this lecture we will look
More informationView Synthesis by Image Mapping and Interpolation
View Synthesis by Image Mapping an Interpolation Farris J. Halim Jesse S. Jin, School of Computer Science & Engineering, University of New South Wales Syney, NSW 05, Australia Basser epartment of Computer
More informationDetecting Possibly Fraudulent or Error-Prone Survey Data Using Benford s Law
Detecting Possibly Frauulent or Error-Prone Survey Data Using Benfor s Law Davi Swanson, Moon Jung Cho, John Eltinge U.S. Bureau of Labor Statistics 2 Massachusetts Ave., NE, Room 3650, Washington, DC
More informationCS 103X: Discrete Structures Homework Assignment 3 Solutions
CS 103X: Discrete Structures Homework Assignment 3 s Exercise 1 (20 points). On well-ordering and induction: (a) Prove the induction principle from the well-ordering principle. (b) Prove the well-ordering
More informationImproved Online/Offline Signature Schemes
Improved Online/Offline Signature Schemes Adi Shamir and Yael Tauman Applied Math. Dept. The Weizmann Institute of Science Rehovot 76100, Israel {shamir,tauman}@wisdom.weizmann.ac.il Abstract. The notion
More informationContinued Fractions and the Euclidean Algorithm
Continued Fractions and the Euclidean Algorithm Lecture notes prepared for MATH 326, Spring 997 Department of Mathematics and Statistics University at Albany William F Hammond Table of Contents Introduction
More informationSUM OF TWO SQUARES JAHNAVI BHASKAR
SUM OF TWO SQUARES JAHNAVI BHASKAR Abstract. I will investigate which numbers can be written as the sum of two squares and in how many ways, providing enough basic number theory so even the unacquainted
More informationFactoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute
RSA cryptosystem HRI, Allahabad, February, 2005 0 Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute Allahabad (UP), INDIA February, 2005 RSA cryptosystem HRI,
More informationThe one-year non-life insurance risk
The one-year non-life insurance risk Ohlsson, Esbjörn & Lauzeningks, Jan Abstract With few exceptions, the literature on non-life insurance reserve risk has been evote to the ultimo risk, the risk in the
More informationFactoring a semiprime n by estimating φ(n)
Factoring a semiprime n by estimating φ(n) Kyle Kloster May 7, 2010 Abstract A factoring algorithm, called the Phi-Finder algorithm, is presented that factors a product of two primes, n = pq, by determining
More informationWhich Networks Are Least Susceptible to Cascading Failures?
Which Networks Are Least Susceptible to Cascaing Failures? Larry Blume Davi Easley Jon Kleinberg Robert Kleinberg Éva Taros July 011 Abstract. The resilience of networks to various types of failures is
More informationFinding Small Roots of Bivariate Integer Polynomial Equations Revisited
Finding Small Roots of Bivariate Integer Polynomial Equations Revisited Jean-Sébastien Coron Gemplus Card International 34 rue Guynemer, 92447 Issy-les-Moulineaux, France jean-sebastien.coron@gemplus.com
More information