Computational Methods in Public Key Cryptology
, 2002
Abstract

These notes informally review the most common methods from computational number theory that have applications in public key cryptology.
FIPS PUB 186-3, Federal Information Processing Standards Publication: Digital Signature Standard (DSS)
, 2009
Abstract

of Standards and Technology (NIST) is the official series of publications relating to standards and guidelines adopted and promulgated under the provisions of the Federal Information Security Management Act (FISMA) of 2002. Comments concerning FIPS publications are welcomed and should be addressed to the
High-Performance Integer Factoring with Reconfigurable Devices
 International Conference on Field Programmable Logic and Applications
, 2010
Abstract

We present a novel FPGA-based implementation of the Elliptic Curve Method (ECM) for the factorization of medium-sized composite integers. More precisely, we demonstrate an ECM implementation capable of determining prime factors of up to 2,424 151-bit integers per second using a single Xilinx Virtex-4 SX35 FPGA. Using this implementation on a cluster like the COPACOBANA is beneficial for attacking cryptographic primitives like the well-known RSA cryptosystem with advanced methods such as the Number Field Sieve (NFS). To provide this vast number of integer factorizations per FPGA, we make use of the available DSP blocks on each Virtex-4 device to accelerate low-level arithmetic computations. This methodology allows the development of a time-area efficient design that runs 24 ECM cores in parallel, implementing both phase 1 and phase 2 of the ECM. Moreover, our design is fully scalable and supports composite integers in the range from 66 to 236 bits without any significant modifications to the hardware. Compared to the implementation by Gaj et al., who reported an ECM design for the same Virtex-4 platform, our improved architecture provides a cost-performance ratio that is better by a factor of 37.
On the Security of a Williams Based Public Key Encryption Scheme
Abstract
In 1984, H.C. Williams introduced a public key cryptosystem whose security is as intractable as factorization. Motivated by some strong and interesting cryptographic properties of the intrinsic structure of this scheme, we present a practical modification thereof that has very strong security properties. We establish, and prove, a generalization of the "sole-samplability" paradigm of Zheng-Seberry (1993) which is reminiscent of the plaintext-awareness concept of Bellare et al. The assumptions that we make are both well-defined and reasonable. In particular, we do not model the functions as random oracles. In essence, the proof of security is based on the factorization problem of any large integer n = pq and Canetti's "oracle hashing" construction introduced in 1997. Another advantage of our system is that we do not rely on any special structure of the modulus n = pq, nor do we require any specific form of the primes p and q. As our main result we establish a model which implies security attributes even stronger than semantic security against chosen ciphertext attacks.
Some New Pollard ρ's and Attacks for RSA
, 1997
Abstract
We introduce Pollard's $\rho$ method and factorisation. We highlight some sequences modulo $n$ which are good for factorising an RSA modulus, that is, factorising $n = pq$, $p, q$ prime. A sequence $\{S\}$ modulo $n$ which "is good for factorising $n$" has the following two properties: (i) $\{S\}$ has a "short" period $\pi$ modulo $p$ (or modulo $q$); (ii) the periods of $\{S\}$ modulo $p$ and modulo $q$ are not equal. We examine the periods $\pi$ of a variety of such sequences $\{S\}$. Let $\{F\} = f_i$ and $\{H\} = h_i$ be Fibonacci/Lucas or any second-order linear recurrent sequences, and let $a, b \in \mathbb{Z}_p$. We then examine the following sequences $\{S\}, \{T\}, \{U\}, \{V\}$: $\{S\} = s_i$, where $s_0 = a$, $s_{i+1} = s_i^{b} \bmod p$; $\{T\} = t_i$, where $t_i = f_{a^i} \bmod p$; $\{U\} = u_i$, where $u_i = a^{f_i} \bmod p$; $\{V\} = v_i$, where $v_i = f_{h_i} \bmod p$. In all these sequences the next element can be computed efficiently from the previous one. For example, $f_{ak}$ can be computed from $f_k$ by one matrix exponentiation to the power $a$....
Generalised Cycling Attacks on RSA
Abstract
Given an RSA modulus $n$, a ciphertext $c$ and the encryption exponent $e$, one can construct the sequence $x_0 = c \bmod n$, $x_{i+1} = x_i^{e} \bmod n$, $i = 0, 1, \ldots$ until $\gcd(x_{i+1} - x_0, n) \neq 1$ or $i > B$, $B$ a given bound. If $i \le B$, there are two cases. Case 1: $\gcd(x_{i+1} - x_0, n) = n$. In this case $x_i = m$ and the secret message $m$ can be recovered. Case 2: $1 \neq \gcd(x_{i+1} - x_0, n) \neq n$. In this case, the RSA modulus $n$ can be factorised. If $i \le B$, then Case 2 is much more likely to occur than Case 1. This attack is called a cycling attack. We introduce some new generalised cycling attacks. These attacks work without knowledge of $e$ and $c$. Therefore, these attacks can be used as factorisation algorithms. We introduce Lucas sequences $V(P, 1)$, the Carmichael function $\lambda(\cdot)$ and we define the $\Omega(\cdot, \cdot)$ function. The attacks involve Lucas sequences. The Carmichael and the Omega functions then describe an upper bound on the complexity of the attacks. We als...
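The iteration in this abstract and the sequence $s_{i+1} = s_i^{b} \bmod p$ from the Pollard $\rho$ entry above are the same map $x \mapsto x^e$, so one worked example covers both. The following Python is an added example, not code from either paper: it runs the classic cycling attack on a constructed toy modulus, returning the plaintext in Case 1 and a prime factor in Case 2, and then finishes Case 2 as an ordinary key recovery. The modulus $2773 = 47 \cdot 59$ (Rivest's textbook example), the exponents 17 and 1333, the bound $B$ and the message 2 are constructed inputs chosen so that the cycle lengths are tiny; the function names are my own.

```python
"""Classic RSA cycling attack (added worked example, not from the paper).

Given n, e and c, iterate x_0 = c, x_{i+1} = x_i^e mod n and test
gcd(x_{i+1} - x_0, n) at every step.  Because x_i = c^(e^i) mod n, the
sequence is periodic modulo p and modulo q separately.  The first index at
which it returns to x_0 modulo exactly one prime exposes that prime (Case 2);
a simultaneous return means x_i^e = c, so x_i is the plaintext (Case 1).
"""
from math import gcd


def cycling_attack(n, e, c, B):
    """Return ("message", m), ("factor", p) or ("fail", None).

    B bounds the number of iterations, as in the abstract above.
    """
    x0 = c % n
    prev = x0                         # x_i
    for _ in range(B + 1):
        nxt = pow(prev, e, n)         # x_{i+1}
        g = gcd(nxt - x0, n)
        if g == n:
            # Case 1: x_{i+1} == x_0 mod p and mod q, so x_i^e == c and x_i == m
            return ("message", prev)
        if g != 1:
            # Case 2: x_{i+1} == x_0 modulo exactly one prime; g is that prime
            return ("factor", g)
        prev = nxt
    return ("fail", None)


def recover_plaintext_from_factor(n, e, c, p):
    """Once one prime factor is known, decrypt as the legitimate holder would."""
    q = n // p
    d = pow(e, -1, (p - 1) * (q - 1))
    return pow(c, d, n)


# Constructed toy parameters: n = 2773 = 47 * 59, message 2.  Far too small
# for real use; chosen so the periods of the cycling sequence are tiny.
N = 47 * 59
M = 2

# e = 17: c = 2^17 has order 23 mod 47 and order 58 mod 59, so x_j == x_0
# mod 47 only when 22 | j but mod 59 already when 4 | j.  The gcd test
# therefore fires at x_4 and reveals 59.
C_FACTOR = pow(M, 17, N)

# e = 1333 = lambda(N) - 1, a deliberately degenerate exponent: e^2 == 1
# mod lambda(N) = 1334, so x_2 == x_0 and x_1 is the message (Case 1).
C_MESSAGE = pow(M, 1333, N)

if __name__ == "__main__":
    kind, p = cycling_attack(N, 17, C_FACTOR, 100)
    print(kind, p)                                            # factor 59
    print(recover_plaintext_from_factor(N, 17, C_FACTOR, p))  # 2
    print(cycling_attack(N, 1333, C_MESSAGE, 100))            # ('message', 2)
```

The bound $B$ is what makes this an attack on weak parameters rather than a general factoring method: the period of $x_i$ is the multiplicative order of $e$ modulo the order of $c$, which for properly generated moduli is astronomically large, so a real key would hit the $i > B$ exit long before either case occurs.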
Enjeux Et Avancées De La Théorie Algorithmique Des Nombres (Challenges and Advances in Algorithmic Number Theory)
, 1992
Abstract
Introduction. The appearance of public-key encryption systems in general [DH76], and of the RSA encryption system in particular [ARS78], caused a renewed interest in number theory and in particular in the computational aspects of arithmetic. To answer questions as simple as those concerning the decomposition of numbers into prime factors, it became necessary to give algorithmic answers that take into account the feasibility of the computations as well as the time allotted for producing a satisfactory answer. This brought about the rise of algorithmic number theory. This talk is intended to highlight the progress made over the last ten years in the areas of integer primality (how can one prove that an integer of a few hundred decimal digits is prime); integer factorisation (what are the factors of a number that is not prime); logarithm
Topics in PublicKey Cryptography II
, 1999
Abstract
$V_n(P, Q)$ from Dickson polynomials: $$V_n(P, Q) = \sum_{i=0}^{\lfloor n/2 \rfloor} \frac{n}{n-i} \binom{n-i}{i} (-Q)^i P^{\,n-2i}.$$ Fact: $V_n(V_k(P, Q), Q^k) = V_{nk}(P, Q)$. In particular, if $Q = 1$, then $V_n(V_k(P, 1), 1) = V_{nk}(P, 1) = V_k(V_n(P, 1), 1)$. The above fact forms the basis for many RSA and ElGamal type cryptosystems based on Lucas sequences. Observe th
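As an added worked example (not code from the lecture notes), the following Python computes $V_n(P,Q)$ both from the Dickson-polynomial sum above and by a binary ladder, checks the identity $V_n(V_k(P,Q), Q^k) = V_{nk}(P,Q)$, and uses the $Q = 1$ case for a toy LUC-style cipher: encryption is $C = V_e(M, 1) \bmod n$, and decryption $V_d(C, 1)$ recovers $M$ because $V_{ed}(M, 1) \equiv M \pmod{pq}$ whenever $ed \equiv 1 \pmod{\operatorname{lcm}(p - (D/p),\, q - (D/q))}$ with $D = M^2 - 4$ and $(D/p)$ the Legendre symbol. The function names, the toy primes 47 and 59, the exponent 17 and the message 5 are assumptions for illustration.

```python
"""Lucas sequences V_n(P, Q), the composition identity and a toy LUC-style
cipher built on it (added example, not code from the original page).

V_0 = 2, V_1 = P, V_{n+1} = P*V_n - Q*V_{n-1}; equivalently V_n = a^n + b^n
where a, b are the roots of x^2 - P x + Q.  Both the Dickson closed form and
V_n(V_k(P,Q), Q^k) = V_{nk}(P,Q) follow from that description, since a^k and
b^k are the roots of x^2 - V_k x + Q^k.
"""
from math import comb, gcd


def dickson_v(n, P, Q):
    """Closed form: sum over i <= n/2 of n/(n-i) * C(n-i, i) * (-Q)^i * P^(n-2i), n >= 1."""
    if n == 0:
        return 2
    return sum(n * comb(n - i, i) // (n - i) * (-Q) ** i * P ** (n - 2 * i)
               for i in range(n // 2 + 1))


def lucas_v(n, P, Q, m):
    """V_n(P,Q) mod m by a left-to-right binary ladder on (V_k, V_{k+1}, Q^k), using
    V_{2k} = V_k^2 - 2 Q^k  and  V_{2k+1} = V_k V_{k+1} - P Q^k."""
    vk, vk1, qk = 2 % m, P % m, 1 % m
    for bit in bin(n)[2:]:
        if bit == "1":    # k -> 2k+1: produce V_{2k+1}, V_{2k+2}, Q^{2k+1}
            vk, vk1, qk = ((vk * vk1 - P * qk) % m,
                           (vk1 * vk1 - 2 * Q * qk) % m,
                           (qk * qk * Q) % m)
        else:             # k -> 2k: produce V_{2k}, V_{2k+1}, Q^{2k}
            vk, vk1, qk = ((vk * vk - 2 * qk) % m,
                           (vk * vk1 - P * qk) % m,
                           (qk * qk) % m)
    return vk


def legendre(a, r):
    """Legendre symbol (a/r) for an odd prime r, via Euler's criterion."""
    s = pow(a % r, (r - 1) // 2, r)
    return -1 if s == r - 1 else s


def luc_private_exponent(p, q, e, M):
    """Decryption exponent d for message M in the LUC construction (Q = 1).

    V_d(V_e(M,1),1) = V_{ed}(M,1) = M mod pq when ed = 1 mod lcm(p - (D/p), q - (D/q)),
    D = M^2 - 4: modulo a prime r the roots a, b of x^2 - M x + 1 satisfy
    a^(r-1) = 1 if D is a square mod r and a^(r+1) = a*b = 1 otherwise.
    The exponent depends on M, which is the well-known awkwardness of LUC.
    """
    D = M * M - 4
    ep, eq = legendre(D, p), legendre(D, q)
    if ep == 0 or eq == 0:
        raise ValueError("D = M^2 - 4 must be a unit modulo both primes")
    a, b = p - ep, q - eq
    L = a * b // gcd(a, b)
    if gcd(e, L) != 1:
        raise ValueError("e is not invertible modulo the Lucas order")
    return pow(e, -1, L)


def luc_encrypt(M, e, n):
    return lucas_v(e, M, 1, n)


def luc_decrypt(C, d, n):
    return lucas_v(d, C, 1, n)


if __name__ == "__main__":
    # Constructed toy inputs: primes 47, 59; exponent 17; message 5 (far too small for real use).
    p, q, e, M = 47, 59, 17, 5
    n = p * q
    print([dickson_v(k, 3, 2) for k in range(6)])      # V_k(3,2) = 2^k + 1: [2, 3, 5, 9, 17, 33]
    print(lucas_v(77, 5, 3, n) == lucas_v(7, lucas_v(11, 5, 3, n), pow(3, 11, n), n))  # True
    d = luc_private_exponent(p, q, e, M)
    print(luc_decrypt(luc_encrypt(M, e, n), d, n) == M)  # True
```

The ladder keeps $Q^k$ alongside $V_k$ and $V_{k+1}$ precisely because the composition fact needs $Q^k$, not $Q$, as the second parameter of the outer sequence; only for $Q = 1$ does that bookkeeping disappear, which is why the cryptosystems mentioned above fix $Q = 1$.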
Cryptanalysis of Koyama Scheme
, 2006
Abstract
In this paper we analyze the security of the Koyama scheme, which is based on a singular cubic curve, against some well-known attacks. We provide an efficient algorithm for a linearly related plaintext attack and identify an isomorphic attack on the Koyama scheme. Some other attacks are also discussed in this paper.