File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1007/3-540-49162-7_16
- Scopus: eid_2-s2.0-84899108547
- WOS: WOS:000083636200016
- Find via
Supplementary
- Citations:
- Appears in Collections:
Conference Paper: The Effectiveness of Lattice Attacks Against Low-Exponent RSA
| Title | The Effectiveness of Lattice Attacks Against Low-Exponent RSA |
|---|---|
| Authors | |
| Issue Date | 1999 |
| Publisher | Springer. |
| Citation | Second International Workshop on Practice and Theory in Public Key Cryptography (PKC'99), Kamakura, Japan, 1-3 March 1999. In Public Key Cryptography, p. 204-218. Berlin: Springer, 1999 How to Cite? |
| Abstract | At Eurocrypt’ 96, Coppersmith presented a novel application of lattice reduction to find small roots of a univariate modular polynomial equation. This led to rigorous polynomial attacks against RSA with low public exponent, in some particular settings such as encryption of stereotyped messages, random padding, or broadcast applications à la Haståd. Theoretically, these are the most powerful known attacks against low-exponent RSA. However, the practical behavior of Coppersmith’s method was unclear. On the one hand, the method requires reductions of high-dimensional lattices with huge entries, which could be out of reach. On the other hand, it is well-known that lattice reduction algorithms output better results than theoretically expected, which might allow better bounds than those given by Coppersmith’s theorems. In this paper, we present extensive experiments with Coppersmith’s method, and discuss various trade-offs together with practical improvements. Overall, practice meets theory. The warning is clear: one should be very cautious when using the low-exponent RSA encryption scheme, or one should use larger exponents |
| Persistent Identifier | http://hdl.handle.net/10722/283489 |
| ISBN | |
| ISSN | 2020 SCImago Journal Rankings: 0.249 |
| ISI Accession Number ID | |
| Series/Report no. | Lecture Notes in Computer Science ; 1560 |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Coupé, C | - |
| dc.contributor.author | Nguyen, P | - |
| dc.contributor.author | Stern, J | - |
| dc.date.accessioned | 2020-06-23T07:58:59Z | - |
| dc.date.available | 2020-06-23T07:58:59Z | - |
| dc.date.issued | 1999 | - |
| dc.identifier.citation | Second International Workshop on Practice and Theory in Public Key Cryptography (PKC'99), Kamakura, Japan, 1-3 March 1999. In Public Key Cryptography, p. 204-218. Berlin: Springer, 1999 | - |
| dc.identifier.isbn | 9783540656449 | - |
| dc.identifier.issn | 0302-9743 | - |
| dc.identifier.uri | http://hdl.handle.net/10722/283489 | - |
| dc.description.abstract | At Eurocrypt’ 96, Coppersmith presented a novel application of lattice reduction to find small roots of a univariate modular polynomial equation. This led to rigorous polynomial attacks against RSA with low public exponent, in some particular settings such as encryption of stereotyped messages, random padding, or broadcast applications à la Haståd. Theoretically, these are the most powerful known attacks against low-exponent RSA. However, the practical behavior of Coppersmith’s method was unclear. On the one hand, the method requires reductions of high-dimensional lattices with huge entries, which could be out of reach. On the other hand, it is well-known that lattice reduction algorithms output better results than theoretically expected, which might allow better bounds than those given by Coppersmith’s theorems. In this paper, we present extensive experiments with Coppersmith’s method, and discuss various trade-offs together with practical improvements. Overall, practice meets theory. The warning is clear: one should be very cautious when using the low-exponent RSA encryption scheme, or one should use larger exponents | - |
| dc.language | eng | - |
| dc.publisher | Springer. | - |
| dc.relation.ispartof | Public Key Cryptography | - |
| dc.relation.ispartofseries | Lecture Notes in Computer Science ; 1560 | - |
| dc.title | The Effectiveness of Lattice Attacks Against Low-Exponent RSA | - |
| dc.type | Conference_Paper | - |
| dc.description.nature | link_to_subscribed_fulltext | - |
| dc.identifier.doi | 10.1007/3-540-49162-7_16 | - |
| dc.identifier.scopus | eid_2-s2.0-84899108547 | - |
| dc.identifier.spage | 204 | - |
| dc.identifier.epage | 218 | - |
| dc.identifier.isi | WOS:000083636200016 | - |
| dc.publisher.place | Berlin | - |
| dc.identifier.issnl | 0302-9743 | - |