Deterministic polynomial-time equivalence of computing the RSA secret key and factoring

被引:44
作者
Coron, Jean-Sebastien
May, Alexander
机构
[1] Univ Luxembourg, L-1511 Luxembourg, Luxembourg
[2] Tech Univ Darmstadt, Dept Comp Sci, D-64289 Darmstadt, Germany
来源
JOURNAL OF CRYPTOLOGY | 2007年 / 20卷 / 01期
关键词
RSA; Coppersmith's theorem; EQUATIONS; EXPONENT;
D O I
10.1007/s00145-006-0433-6
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
We address one of the most fundamental problems concerning the RSA cryptosystem: does the knowledge of the RSA public and secret key pair (e, d) yield the factorization of N = pq in polynomial time? It is well known that there is a probabilistic polynomial-time algorithm that on input (N, e, d) outputs the factors p and q. We present the first deterministic polynomial-time algorithm that factors N given (e, d) provided that e, d < phi(N). Our approach is an application of Coppersmith's technique for finding small roots of univariate modular polynomials.
引用
收藏
页码:39 / 50
页数:12
相关论文
共 12 条
[1]  
[Anonymous], P 7 ANN ACM S THEOR
[2]  
Boneh D., 1999, Advances in Cryptology-CRYPTO'99, P326
[3]   Small solutions to polynomial equations, and low exponent RSA vulnerabilities [J].
Coppersmith, D .
JOURNAL OF CRYPTOLOGY, 1997, 10 (04) :233-260
[4]  
Durfee G, 2000, LECT NOTES COMPUT SC, V1976, P14
[5]  
Howgrave-Graham N, 1997, LECT NOTES COMPUT SC, V1355, P131, DOI 10.1007/BFb0024458
[6]  
Howgrave-Graham N, 2001, LECT NOTES COMPUT SC, V2146, P51
[7]   FACTORING POLYNOMIALS WITH RATIONAL COEFFICIENTS [J].
LENSTRA, AK ;
LENSTRA, HW ;
LOVASZ, L .
MATHEMATISCHE ANNALEN, 1982, 261 (04) :515-534
[8]  
May A, 2004, LECT NOTES COMPUT SC, V3152, P213
[9]  
Nguyên PQ, 2005, LECT NOTES COMPUT SC, V3494, P215
[10]  
Nguyen PQ, 2001, LECT NOTES COMPUT SC, V2146, P146
12