Factoring the Modulus of Type N = p2q by Finding Small Solutions of the Equation er − (Ns + t) = αp2 + βq2

The modulus of type N=p2q is often used in many variants of factoring-based cryptosystems due to its ability to fasten the decryption process. Faster decryption is suitable for securing small devices in the Internet of Things (IoT) environment or securing fast-forwarding encryption services used in mobile applications. Taking this into account, the security analysis of such modulus is indeed paramount. This paper presents two cryptanalyses that use new enabling conditions to factor the modulus N=p2q of the factoring-based cryptosystem. The first cryptanalysis considers a single user with a public key pair (e,N) related via an arbitrary relation to equation er−(Ns+t)=αp2+βq2, where r,s,t are unknown parameters. The second cryptanalysis considers two distinct cases in the situation of k-users (i.e., multiple users) for k≥2, given the instances of (Ni,ei) where i=1,…,k. By using the lattice basis reduction algorithm for solving simultaneous Diophantine approximation, the k-instances of (Ni,ei) can be successfully factored in polynomial time.

Ciphertext-Only Attack on RSA Using Lattice Basis Reduction

We use lattice basis reduction for ciphertext-only attack on RSA. Our attack is applicable in the conditions when known attacks are not applicable, and, contrary to known attacks, it does not require prior knowledge of a part of a message or key, small encryption key, e, or message broadcasting. Our attack is successful when a vector, comprised of a message and its exponent, is likely to be the shortest in the lattice, and meets Minkowski's Second Theorem bound. We have conducted experiments for message, keys, and encryption/decryption keys with sizes from 40 to 8193 bits, with dozens of thousands of successful RSA cracks. It took about 45 seconds for cracking 2001 messages of 2050 bits and for large public key values related with Euler’s totient function, and the same order private keys. Based on our findings, for RSA not to be susceptible to the proposed attack, it is recommended avoiding RSA public key form used in our experiments

Ready-made short basis for GLV+GLS on high degree twisted curves

<abstract><p>The crucial step in elliptic curve scalar multiplication based on scalar decompositions using efficient endomorphisms—such as GLV, GLS or GLV+GLS—is to produce a short basis of a lattice involving the eigenvalues of the endomorphisms, which usually is obtained by lattice basis reduction algorithms or even more specialized algorithms. Recently, lattice basis reduction is found to be unnecessary. Benjamin Smith (AMS 2015) was able to immediately write down a short basis of the lattice for the GLV, GLS, GLV+GLS of quadratic twists using elementary facts about quadratic rings. Certainly it is always more convenient to use a ready-made short basis than to compute a new one by some algorithm. In this paper, we extend Smith's method on GLV+GLS for quadratic twists to quartic and sextic twists, and give ready-made short bases for $ 4 $-dimensional decompositions on these high degree twisted curves. In particular, our method gives a unified short basis compared with Hu et al.'s method (DCC 2012) for $ 4 $-dimensional decompositions on sextic twisted curves.</p></abstract>

NTRU-Like Random Congruential Public-Key Cryptosystem for Wireless Sensor Networks

Wireless Sensor Networks (WSN) are the core of Internet of Things and require cryptographic protection due to the increase number of attacks. Cryptographic methods for WSN should be fast and consume low power as these networks consist of battery-powered devices and constrained microcontrollers. NTRU, the fastest and secure public key cryptosystem, uses high degree polynomials, and is susceptible to the lattice basis reduction attack (LBRA). CPKC, proposed by NTRU authors, works on integers modulo $q$ and is easily attackable by LBRA since it uses small numbers for the sake of the correct decryption. Herein, RCPKC, a random congruential public key cryptosystem working on integers modulo $q$ is proposed, such that the norm of a two-dimensional vector formed by its private key is greater than $\sqrt{q}$. RCPKC works similar to NTRU, and it is a secure version of insecure CPKC. RCPKC specifies a range from which the random numbers shall be selected, and it provides correct decryption for valid users and incorrect decryption for an attacker using LBRA by Gaussian lattice reduction. Because of its resistance to LBRA, RCPKC is more secure. Simultaneously, due to the use of big numbers instead of high degree polynomials, RCPKC is about 24 (7) times faster in encryption (decryption) than NTRU. Also, RCPKC is more three times faster than the most effective known NTRU variant, BQTRU. Compared to NTRU, RCPKC reduces energy consumption at least seven times that allows increasing life-time of unattended WSN more than seven times.

Differential Fault Attacks on Deterministic Lattice Signatures

In this paper, we extend the applicability of differential fault attacks to lattice-based cryptography. We show how two deterministic lattice-based signature schemes, Dilithium and qTESLA, are vulnerable to such attacks. In particular, we demonstrate that single random faults can result in a nonce-reuse scenario which allows key recovery. We also expand this to fault-induced partial nonce-reuse attacks, which do not corrupt the validity of the computed signatures and thus are harder to detect.Using linear algebra and lattice-basis reduction techniques, an attacker can extract one of the secret key elements after a successful fault injection. Some other parts of the key cannot be recovered, but we show that a tweaked signature algorithm can still successfully sign any message. We provide experimental verification of our attacks by performing clock glitching on an ARM Cortex-M4 microcontroller. In particular, we show that up to 65.2% of the execution time of Dilithium is vulnerable to an unprofiled attack, where a random fault is injected anywhere during the signing procedure and still leads to a successful key-recovery.