Conference Paper

# Implicit Factoring with Shared Most Significant and Middle Bits

DOI: 10.1007/978-3-642-13013-7_5 Conference: Public Key Cryptography - PKC 2010, 13th International Conference on Practice and Theory in Public Key Cryptography, Paris, France, May 26-28, 2010. Proceedings

Source: DBLP

Get notified about updates to this publication Follow publication |

Data provided are for informational purposes only. Although carefully collected, accuracy cannot be guaranteed. The impact factor represents a rough estimation of the journal's impact factor and does not reflect the actual current impact factor. Publisher conditions are provided by RoMEO. Differing provisions from the publisher's actual policy or licence agreement may be applicable.

- [Show abstract] [Hide abstract]

**ABSTRACT:**In this paper we present some problems and their solutions exploiting lattice based root finding techniques. In [Cryptography and lattices. 1st international conference, CaLC 2001, Lect. Notes Comput. Sci. 2146, 51–66 (2001; Zbl 1006.94528)] N. Howgrave-Graham proposed a method to find the Greatest Common Divisor (GCD) of two large integers when one of the integers is exactly known and the other one is known approximately. In this paper, we present three applications of the technique. The first one is to show deterministic polynomial time equivalence between factoring N (N=pq, where p>q or p,q are of same bit size) and knowledge of q -1 modp. Next, we consider the problem of finding smooth integers in a short interval. The third one is to factorize N given a multiple of the decryption exponent in RSA. In [Advances in cryptology – ASIACRYPT 2006, Lect. Notes Comput. Sci. 4284, 267–282 (2006; Zbl 1172.94577)] E. Jochemsz and A. May presented a general strategy for finding roots of a polynomial. We apply that technique to solve the following two problems. The first one is to factorize N given an approximation of a multiple of the decryption exponent in RSA. The second one is to solve the implicit factorization problem given three RSA moduli considering certain portions of LSBs as well as MSBs of one set of three secret primes are same. -
- [Show abstract] [Hide abstract]

**ABSTRACT:**In this paper, we analyze how to calculate the GCD of k ( ≥ 2) many large integers, given their approximations. This problem is known as the approximate integer common divisor problem in literature. Two versions of the problem, presented by Howgrave-Graham in CaLC 2001, turn out to be special cases of our analysis when k = 2. We relate the approximate common divisor problem to the implicit factorization problem as well. The later was introduced by May and Ritzenhofen in PKC 2009 and studied under the assumption that some of Least Significant Bits (LSBs) of certain primes are the same. Our strategy can be applied to the implicit factorization problem in a general framework considering the equality of (i) most significant bits (MSBs), (ii) least significant bits (LSBs), and (iii) MSBs and LSBs together. We present new and improved theoretical as well as experimental results in comparison with the state of the art work in this area.