Factoring the Modulus of Type N = p2q by Finding Small Solutions of the Equation er − (Ns + t) = αp2 + βq2

The modulus of type N=p2q is often used in many variants of factoring-based cryptosystems due to its ability to fasten the decryption process. Faster decryption is suitable for securing small devices in the Internet of Things (IoT) environment or securing fast-forwarding encryption services used in mobile applications. Taking this into account, the security analysis of such modulus is indeed paramount. This paper presents two cryptanalyses that use new enabling conditions to factor the modulus N=p2q of the factoring-based cryptosystem. The first cryptanalysis considers a single user with a public key pair (e,N) related via an arbitrary relation to equation er−(Ns+t)=αp2+βq2, where r,s,t are unknown parameters. The second cryptanalysis considers two distinct cases in the situation of k-users (i.e., multiple users) for k≥2, given the instances of (Ni,ei) where i=1,…,k. By using the lattice basis reduction algorithm for solving simultaneous Diophantine approximation, the k-instances of (Ni,ei) can be successfully factored in polynomial time.

Ciphertext-Only Attack on RSA Using Lattice Basis Reduction

We use lattice basis reduction for ciphertext-only attack on RSA. Our attack is applicable in the conditions when known attacks are not applicable, and, contrary to known attacks, it does not require prior knowledge of a part of a message or key, small encryption key, e, or message broadcasting. Our attack is successful when a vector, comprised of a message and its exponent, is likely to be the shortest in the lattice, and meets Minkowski's Second Theorem bound. We have conducted experiments for message, keys, and encryption/decryption keys with sizes from 40 to 8193 bits, with dozens of thousands of successful RSA cracks. It took about 45 seconds for cracking 2001 messages of 2050 bits and for large public key values related with Euler’s totient function, and the same order private keys. Based on our findings, for RSA not to be susceptible to the proposed attack, it is recommended avoiding RSA public key form used in our experiments

Ready-made short basis for GLV+GLS on high degree twisted curves

<abstract><p>The crucial step in elliptic curve scalar multiplication based on scalar decompositions using efficient endomorphisms—such as GLV, GLS or GLV+GLS—is to produce a short basis of a lattice involving the eigenvalues of the endomorphisms, which usually is obtained by lattice basis reduction algorithms or even more specialized algorithms. Recently, lattice basis reduction is found to be unnecessary. Benjamin Smith (AMS 2015) was able to immediately write down a short basis of the lattice for the GLV, GLS, GLV+GLS of quadratic twists using elementary facts about quadratic rings. Certainly it is always more convenient to use a ready-made short basis than to compute a new one by some algorithm. In this paper, we extend Smith's method on GLV+GLS for quadratic twists to quartic and sextic twists, and give ready-made short bases for $ 4 $-dimensional decompositions on these high degree twisted curves. In particular, our method gives a unified short basis compared with Hu et al.'s method (DCC 2012) for $ 4 $-dimensional decompositions on sextic twisted curves.</p></abstract>