Aono, Yoshinori ; Agrawal, Manindra ; Satoh, Takakazu ; Watanabe, Osamu (2017) On the optimality of lattices for the coppersmith technique Applicable Algebra in Engineering, Communication and Computing, 29 (2). pp. 169-195. ISSN 0938-1279
Full text not available from this repository.
Official URL: http://doi.org/10.1007/s00200-017-0336-9
Related URL: http://dx.doi.org/10.1007/s00200-017-0336-9
Abstract
We investigate a method for finding small integer solutions of a univariate modular equation, that was introduced by Coppersmith (Proceedings of Eurocrypt 1996, LNCS, vol 1070, pp 155–165, 1996) and extended by May (New RSA vulnerabilities using lattice reduction methods, Ph.D. thesis, University of Paderborn, 2003). We will refer this method as the Coppersmith technique. This paper provides a way to analyze a general limitations of the lattice construction for the Coppersmith technique. Our analysis upper bounds the possible range of U that is asymptotically equal to the bound given by the original result of Coppersmith and May. This means that they have already given the best lattice construction. In addition, we investigate the optimality for the bivariate equation to solve the small inverse problem, which was inspired by Kunihiro’s (LNCS 7483:55–69, 2012) argument. In particular, we show the optimality for the Boneh–Durfee’s equation (Proceedings of Eurocrypt 1999, LNCS, vol 1592, pp 389–401, 1999) used for RSA cryptoanalysis, To show our results, we establish framework for the technique by following the relation of Howgrave-Graham (Proceedings of cryptography and coding, LNCS, vol 1355, pp 131–142, 1997), and then concretely define the conditions in which the technique succeed and fails. We then provide a way to analyze the range of U that satisfies these conditions. Technically, we show that the original result of Coppersmith achieves the optimal bound for U when constructing a lattice in the standard way. We then provide evidence which indicates that constructing a non-standard lattice is generally difficult.
Item Type: | Article |
---|---|
Source: | Copyright of this article belongs to Springer Nature |
Keywords: | Coppersmith technique, Lattice construction, Impossibility result, RSA cryptanalyses |
ID Code: | 129655 |
Deposited On: | 23 Nov 2022 11:40 |
Last Modified: | 23 Nov 2022 11:40 |
Repository Staff Only: item control page