@MISC{Gysin97somenew, author = {Marc Gysin}, title = {Some New Pollard ρ's and Attacks for RSA}, year = {1997} }

Share

OpenURL

Abstract

We introduce Pollard's ae method and factorisation. We highlight some sequences modulo n which are good for factorising an RSA modulus, that is, factorising, n = pq, p, q prime. A sequence fSg modulo n which "is good for factorising n" has the following two properties: ffl fSg has a "short" period ß modulo p (or modulo q); ffl the periods of fSg modulo p and modulo q are not equal. We examine the periods ß of a variety of such sequences fSg. Let fFg = f i and fHg = h i be Fibonacci/Lucas or any second order linear recurrent sequences, let a; b 2 Z p . We then examine the following sequences fSg, fTg, fUg, fV g: ffl fSg = s i , where s 0 = a, s i+1 = s b i modulo p. ffl fTg = t i , where t i = f a i modulo p. ffl fUg = u i , where u i = a f i modulo p. ffl fV g = v i , where v i = f h i modulo p. In all these sequences the next element can be computed efficiently from the previous one. For example, f ak can be computed from f k by one matrix--exponentiation to the power a....