In this paper we present new arithmetical and algebraic results following the work of Babindamana and al. on hyperbolas and describe from the new results an approach to attacking a RSA-type modulus based on continued fractions, independent and not bounded by the size of the private key $d$ nor public exponent $e$ compared to Wiener's attack. When successful, this attack is bounded by $\displaystyle\mathcal{O}\left( b\log{\alpha_{j4}}\log{(\alpha_{i3}+\alpha_{j3})}\right)$ with $b=10^{y}$, $\alpha_{i3}+\alpha_{j3}$ a non trivial factor of $n$ and $\alpha_{j4}$ such that $(n+1)/(n-1)=\alpha_{i4}/\alpha_{j4}$. The primary goal of this attack is to find a point $\displaystyle X_{\alpha}=\left(-\alpha_{3}, \ \alpha_{3}+1 \right) \in \mathbb{Z}^{2}_{\star}$ that satisfies $\displaystyle\left\langle X_{\alpha_{3}}, \ P_{3} \right\rangle =0$ from a convergent of $\displaystyle\frac{\alpha_{i4}}{\alpha_{j4}}+\delta$, with $P_{3}\in \mathcal{B}_{n}(x, y)_{\mid_{x\geq 4n}}$. We finally present some experimental examples. We believe these results constitute a new direction in RSA Cryptanalysis using continued fractions.
翻译:----
本文在双曲线与Babindamana等人的工作基础上,提出了新的算术和代数结果,并描述了一种基于连分数的攻击RSA类型模数的方法,该方法不受私钥$d$或公钥指数$e$的大小限制,相比于Wiener的攻击方法更为独立。成功时,该攻击的边界为$\displaystyle\mathcal{O}\left( b\log{\alpha_{j4}}\log{(\alpha_{i3}+\alpha_{j3})}\right)$,其中$b=10^{y}$,$\alpha_{i3}+\alpha_{j3}$是$n$的非平凡因子,$\alpha_{j4}$满足$(n+1)/(n-1)=\alpha_{i4}/\alpha_{j4}$。该攻击的主要目标是从$\displaystyle\frac{\alpha_{i4}}{\alpha_{j4}}+\delta$的收敛式中找到一个点$\displaystyle X_{\alpha}=\left(-\alpha_{3}, \ \alpha_{3}+1 \right) \in \mathbb{Z}^{2}_{\star}$,使得$\displaystyle\left\langle X_{\alpha_{3}}, \ P_{3} \right\rangle =0$,其中$P_{3}\in \mathcal{B}_{n}(x, y)_{\mid_{x\geq 4n}}$。最后,我们提供了一些实验例子。我们相信这些结果是使用连分数进行RSA密码分析的一个新方向。
相关内容
微信扫码咨询专知VIP会员