Sciweavers

DCC
2001
IEEE

How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves

15 years 1 days ago
How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves
Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length of the RSA-modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found.
Marc Joye, Jean-Jacques Quisquater, Tsuyoshi Takag
Added 25 Dec 2009
Updated 25 Dec 2009
Type Conference
Year 2001
Where DCC
Authors Marc Joye, Jean-Jacques Quisquater, Tsuyoshi Takagi
Comments (0)