Dedicated to the memory of W. ‘Red ’ Alford, friend and colleague Abstract. “The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic. It has engaged the industry and wisdom of ancient and modern geometers to such an extent that it would be superfluous to discuss the problem at length. Nevertheless we must confess that all methods that have been proposed thus far are either restricted to very special cases or are so laborious and difficult that even for numbers that do not exceed the limits of tables constructed by estimable men, they try the patience of even the practiced calculator. And these methods do not apply at all to larger numbers... It frequently happens that the trained calculator will be sufficiently rewarded by reducing large numbers to their factors so that it will compensate for the time spent. Further, the dignity of the science itself seems to require that every possible means be explored for the solution of a problem so elegant and so celebrated... It is in the nature of the problem

Dedicated to the memory of W. ‘Red ’ Alford, friend and colleague Abstract. “The problem of distinguishing prime numbers from composite numbers, and of resolving the latter into their prime factors is known to be one of the most important and useful in arithmetic. It has engaged the industry and wisdom of ancient and modern geometers to such an extent that it would be superfluous to discuss the problem at length. Nevertheless we must confess that all methods that have been proposed thus far are either restricted to very special cases or are so laborious and difficult that even for numbers that do not exceed the limits of tables constructed by estimable men, they try the patience of even the practiced calculator. And these methods do not apply at all to larger numbers... It frequently happens that the trained calculator will be sufficiently rewarded by reducing large numbers to their factors so that it will compensate for the time spent. Further, the dignity of the science itself seems to require that every possible means be explored for the solution of a problem so elegant and so celebrated... It is in the nature of the problem

Abstract. We address the problem of polynomial time solving univariate modular equations with mutually co-prime moduli. For a given system of equations we determine up to which size the common roots can be calculated efficiently. We further determine the minimum number of equations which suffice for a recovery of all common roots. The result that we obtain is superior to Håstad’s original RSA broadcast attack, even if Håstad’s method is combined with the best known lattice technique due to Coppersmith. Namely, our reduction uses a slightly different transformation from polynomial systems to a single polynomial. Thus, our improvement is achieved by optimal polynomial modelling rather than improved lattice techniques. Moreover, we show by a counting argument that our results cannot be improved in general. A typical application for our algorithm is an improved attack on RSA with a smaller number of polynomially related messages.

In public-key cryptography, each individual has a pair of keys, (e, d), where e is the public key known to the others, and d is the private key known merely to the owner. The public key is used to encrypt the message sent (or signing the message), and the private key is used to decrypt the ciphertext (or verifying the message). Likewise to secret key algorithms, public key algorithms take a plain message and perform a irreversible transformation on it. RSA, namely after its three inventors, Rivest, Shamir, and Adleman [6], is a public key cryptographic algorithms that may perform both encryption and decryption. RSA is frequently used in applications such as e-mail, e-banking, remote login, etc, where security of digital data is a primary concern. Over years, numerous attacks on RSA illustrating RSA’s present and potential vulnerability have brought our attention to the security issues of RSA cryptosystem. We will investigate some essential attacks in later section. Before looking at the attacks, we firstly describe a simplified version of RSA algorithm. Let N be the product of two large prime numbers, N = p∗q, where p, q are of the same size in term of bits in binary representation, and N is called the RSA modulus. Let e, d be two integers, such that e∗d = 1 mod M(N). M(N) = (p-1)∗(q-1) is the number of primes in the interval of [1..N-1]. Now, we obtained the public key, <N,e>, which is used for encryption; and the private key, <N,d>, which is known only to the recipient of the encrypted messages. Here is how RSA encryption and decryption works. To encrypt a message M (<N), one computes: C: = M^e mod N To decrypt the ciphertext C, the receiver (owner of d) computes: M: = C^d = M^(ed) = mod N Using the above equality, RSA function is defined as x � x^e mod N. If d is known, RSA function can be easily inverted. The term, breaking RSA, refers to inverting RSA function without any notion of d. Throughout this report, we use “Alice ” to denote the message sender, “Bob ” to denote the legitimate receiver, and “Marvin ” for the attacker.

The word ‘hacker ’ originally was used to describe someone who made furniture with an axe but in the computer community it describes a proficient programmer or an exceptional computer intruder (Jargon File, 2005). The original hackers were creative computer enthusiasts who created their own methods and tools to accomplish said tasks. The term was first used in the early 1960s at MIT’s Artificial Intelligence Laboratory to refer to the labs students including Richard Matthew Stallman, the founder of the free software movement, the GNU project, and the Free Software Foundation. A ‘script kiddie ’ on the other hand is a derogatory term for a person who plagiarizes scripts and programs developed by others for the malicious purpose of compromising computers and launching attacks on computer networks (Wikipedia, 2005). Jargon File editor Eric S. Raymond, a figure head for the open source movement has been trying for a few years to remove the negative connotation to the word ‘hacker’. Many of the elite programmers and open source believers would agree that a script kiddie is only a wannabe hacker and they are hindering the open source movement. Script kiddies could be the downfall of the open source movement and are one of the leading

In 2000, Boneh-Durfee extended the bound for low private exponent from 0.25 (provided by wiener) to 0.292 with public exponent size is same as modulus size. They have used powerful lattice reduction algorithm (LLL) with coppersmith’s theory of polynomials. In this paper we generalize their attack to arbitrary public exponent.

Lattice basis reduction algorithms have contributed a lot to cryptanalysis of RSA crypto system. With coppersmith’s theory of polynomials, these algorithms are searching for the weak instances of Number-theoretic cryptography, mainly RSA. In this paper we present several lattice based attacks on low private exponent of RSA.