Sciweavers

ASIACRYPT
2015
Springer

Solving Linear Equations Modulo Unknown Divisors: Revisited

8 years 7 months ago
Solving Linear Equations Modulo Unknown Divisors: Revisited
Abstract. We revisit the problem of finding small solutions to a collection of linear equations modulo an unknown divisor p for a known composite integer N. In CaLC 2001, Howgrave-Graham introduced an efficient algorithm for solving univariate linear equations; since then, two forms of multivariate generalizations have been considered in the context of cryptanalysis: modular multivariate linear equations by Herrmann and May (Asiacrypt’08) and simultaneous modular univariate linear equations by Cohn and Heninger (ANTS’12). Their algorithms have many important applications in cryptanalysis, such as factoring with known bits problem, fault attacks on RSA signatures, analysis of approximate GCD problem, etc. In this paper, by introducing multiple parameters, we propose several generalizations of the above equations. The motivation behind these extensions is that some attacks on RSA variants can be reduced to solving these generalized equations, and previous algorithms do not apply. We...
Yao Lu, Rui Zhang 0002, Liqiang Peng, Dongdai Lin
Added 16 Apr 2016
Updated 16 Apr 2016
Type Journal
Year 2015
Where ASIACRYPT
Authors Yao Lu, Rui Zhang 0002, Liqiang Peng, Dongdai Lin
Comments (0)