Abstract
In Crypto 2010, Kiltz, O'Neill and Smith used an m-prime RSA modulus N with \(m\ge 3\) to construct lossy RSA. The security of their proposal rests on the Multi-Prime \(\varPhi \)-Hiding Assumption. In this paper, we propose a heuristic algorithm based on the Herrmann-May lattice method (Asiacrypt 2008) that solves the Multi-Prime \(\varPhi \)-Hiding Problem when the prime \(e>N^{\frac{2}{3m}}\). Further, by combining it with mixed lattice techniques, we give an improved heuristic algorithm that solves this problem when the prime \(e>N^{\frac{2}{3m}-\frac{1}{4m^2}}\). Both results are verified by our experiments, and our bounds improve on those of existing works.
Notes
- 1.
There is a minor mistake in the proceedings version of Crypto 2010, as reported in [7, Page 97].
References
Cachin, C., Micali, S., Stadler, M.A.: Computationally private information retrieval with polylogarithmic communication. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 402. Springer, Heidelberg (1999)
Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)
Gentry, C., Mackenzie, P., Ramzan, Z.: Password authenticated key exchange using hidden smooth subgroups. In: Proceedings of the 12th ACM Conference on Computer and Communications Security CCS 2005, pp. 299–309. ACM, New York (2005)
Gentry, C., Ramzan, Z.: Single-database private information retrieval with constant communication rate. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 803–815. Springer, Heidelberg (2005)
Gomez, D., Gutierrez, J., Ibeas, A.: Attacking the Pollard generator. IEEE Trans. Inf. Theor. 52(12), 5518–5523 (2006)
Hemenway, B., Ostrovsky, R.: Public-key locally-decodable codes. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 126–143. Springer, Heidelberg (2008)
Herrmann, M.: Improved cryptanalysis of the Multi-Prime \(\phi \)-Hiding Assumption. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 92–99. Springer, Heidelberg (2011)
Herrmann, M., May, A.: Solving linear equations modulo divisors: on factoring given any bits. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 406–424. Springer, Heidelberg (2008)
Howgrave-Graham, N.: Approximate integer common divisors. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, p. 51. Springer, Heidelberg (2001)
Kakvi, S.A., Kiltz, E., May, A.: Certifying RSA. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 404–414. Springer, Heidelberg (2012)
Kannan, R.: Minkowski’s convex body theorem and integer programming. Math. Oper. Res. 12(3), 415–440 (1987)
Kiltz, E., O’Neill, A., Smith, A.: Instantiability of RSA-OAEP under chosen-plaintext attack. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 295–313. Springer, Heidelberg (2010)
Lenstra Jr., H.W.: Factoring integers with elliptic curves. Ann. Math. 126, 649–673 (1987)
May, A.: Using LLL-reduction for solving RSA and factorization problems. In: Nguyen, P.Q., Vallée, B. (eds.) The LLL Algorithm. Information Security and Cryptography, pp. 315–348. Springer, Heidelberg (2010)
Sarkar, S.: Reduction in lossiness of RSA trapdoor permutation. In: Bogdanov, A., Sanadhya, S. (eds.) SPACE 2012. LNCS, vol. 7644, pp. 144–152. Springer, Heidelberg (2012)
Schridde, C., Freisleben, B.: On the validity of the \(\Phi \)-hiding assumption in cryptographic protocols. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 344–354. Springer, Heidelberg (2008)
Takayasu, A., Kunihiro, N.: Better lattice constructions for solving multivariate linear equations modulo unknown divisors. In: Boyd, C., Simpson, L. (eds.) ACISP 2013. LNCS, vol. 7959, pp. 118–135. Springer, Heidelberg (2013)
Takayasu, A., Kunihiro, N.: Better lattice constructions for solving multivariate linear equations modulo unknown divisors. IEICE Trans. 97-A(6), 1259–1272 (2014)
Tosu, K., Kunihiro, N.: Optimal bounds for multi-prime \(\Phi \)-hiding assumption. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol. 7372, pp. 1–14. Springer, Heidelberg (2012)
Acknowledgements
The authors would like to thank anonymous reviewers for their helpful comments and suggestions. The work of this paper was supported by the National Key Basic Research Program of China (Grants 2013CB834203), the National Natural Science Foundation of China (Grants 61472417, 61472415 and 61502488), the Strategic Priority Research Program of Chinese Academy of Sciences under Grant XDA06010702, and the State Key Laboratory of Information Security, Chinese Academy of Sciences.
A Proof on \(|v_{11}|\le \sqrt{2e}\) and \(v_{11}\ne 0\)
Proof
Note that \(\mathbf {v_1}=(v_{11}, v_{12})\) is the shortest nonzero vector in the lattice \(\mathcal {L}\). By the Minkowski bound, we know that
Since \(v_{11}\) is a component of \(\mathbf {v_1}\), we have \(|v_{11}|\le \sqrt{2e}\). Now we prove that \(v_{11}\ne 0\). Since \(\mathbf {v_1} \in \mathcal {L}\), there exists some integer \(c_1\) such that
If \(v_{11}=0\), we get \(rv_{12}=c_1e\). Since e is prime and \(0<r<e\), e divides \(v_{12}\). Thus e divides \(\Vert \mathbf {v_1}\Vert \), so \(\Vert \mathbf {v_1}\Vert \ge e\). However, this is impossible, since \(\Vert \mathbf {v_1}\Vert \le \sqrt{2e}\). Therefore, \(v_{11}\ne 0\). \(\square \)
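As an added worked example (not code from the paper), the following Python computes a shortest vector of a rank-2 lattice by Lagrange-Gauss reduction and then checks the two facts proved above, \(\Vert \mathbf{v_1}\Vert^2 \le 2e\) and \(v_{11}\ne 0\). Since this page does not define \(\mathcal{L}\), the basis \((e,0),(r,1)\), i.e. \(\mathcal{L}=\{(x,y): x\equiv ry \pmod e\}\) with \(\det \mathcal{L}=e\), is an assumption chosen to be consistent with the step \(rv_{12}=c_1e\); the values of e and r are constructed toy parameters.

```python
def lagrange_reduce(b1, b2):
    """Lagrange-Gauss reduction of a rank-2 integer lattice basis.
    Returns (v1, v2) with v1 a shortest nonzero vector of the lattice."""
    def dot(u, v):
        return u[0] * v[0] + u[1] * v[1]
    if dot(b1, b1) > dot(b2, b2):
        b1, b2 = b2, b1
    while True:
        n, d = dot(b1, b2), dot(b1, b1)
        mu = (2 * n + d) // (2 * d)      # nearest integer to n/d, exact integer arithmetic
        b2 = (b2[0] - mu * b1[0], b2[1] - mu * b1[1])
        if dot(b2, b2) >= dot(b1, b1):
            return b1, b2                 # Lagrange-reduced: b1 is a shortest vector
        b1, b2 = b2, b1                   # norm strictly decreased, so the loop terminates


def assumed_basis(e, r):
    """ASSUMPTION (lattice not defined on this page): take
    L = {(x, y) in Z^2 : x = r*y (mod e)}, spanned by rows (e, 0) and (r, 1).
    Then det(L) = e, and v11 = r*v12 - c1*e for some integer c1, matching the proof."""
    return (e, 0), (r, 1)


def check_shortest_vector(e, r):
    """Reduce the assumed basis and test what the appendix proves:
    ||v1||^2 <= 2e (Minkowski with det(L) = e) and v11 != 0."""
    v1, _ = lagrange_reduce(*assumed_basis(e, r))
    v11, v12 = v1
    return {
        "v1": v1,
        "in_lattice": (v11 - r * v12) % e == 0,
        "minkowski_ok": v11 * v11 + v12 * v12 <= 2 * e,
        "v11_nonzero": v11 != 0,
    }


if __name__ == "__main__":
    # Constructed toy parameters: e prime, 0 < r < e (not real key material)
    print(check_shortest_vector(1000003, 12345))
```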
© 2016 Springer International Publishing Switzerland
Cite this paper
Xu, J., Hu, L., Sarkar, S., Zhang, X., Huang, Z., Peng, L. (2016). Cryptanalysis of Multi-Prime \(\varPhi \)-Hiding Assumption. In: Bishop, M., Nascimento, A. (eds) Information Security. ISC 2016. Lecture Notes in Computer Science(), vol 9866. Springer, Cham. https://doi.org/10.1007/978-3-319-45871-7_26
DOI: https://doi.org/10.1007/978-3-319-45871-7_26
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45870-0
Online ISBN: 978-3-319-45871-7