Breaking RSA Generically Is Equivalent to Factoring

Aggarwal, Divesh; Maurer, Ueli

doi:10.1109/tit.2016.2594197

Cited by 26 publications

(13 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If Peggy could answer, for a fixed t, two challenges c and c by r and r , respectively, so that Vic accepts, then she could compute x (and hence knows it). 1 This can be shown as follows: we have h r = t · z c and h r = t · z c and thus…”

Section: The Schnorr Protocolmentioning

confidence: 96%

“…For concreteness, one can think of m as being an RSA-modulus [17]. For a given exponent e (with gcd(e, ϕ(m)) = 1), breaking the RSA cryptosystem means to compute eth roots modulo m. This is considered hard and, for a generic model of computation, has been proved to be equivalent to factoring m [1]. Unlike for RSA, in our context e is considered to be prime.…”

Section: The Fiat-shamir and Guillou-quisquater Protocolsmentioning

confidence: 99%

“…. , x m ) of exponents such that z = h x 1 1 h x 2 2 · · · h x m m . (Note that such a representation is not unique.)…”

Section: Proof Of Knowledge Of a Representationmentioning

confidence: 99%

See 2 more Smart Citations

Zero-knowledge proofs of knowledge for group homomorphisms

Maurer

2015

Des. Codes Cryptogr.

Self Cite

View full text Add to dashboard Cite

A simple zero-knowledge proof of knowledge protocol is presented of which many known protocols are instantiations. These include Schnorr's protocol for proving knowledge of a discrete logarithm, the Fiat-Shamir and Guillou-Quisquater protocols for proving knowledge of a modular root, protocols for proving knowledge of representations (like Okamoto's protocol), protocols for proving equality of secret values, a protocol for proving the correctness of a Diffie-Hellman key, protocols for proving the multiplicative relation of three commitments (as required in secure multi-party computation), and protocols used in credential systems. This unifies a substantial body of work and can also lead to instantiations of the protocol for new applications.

show abstract

Section: The Schnorr Protocolmentioning

confidence: 96%

Section: The Fiat-shamir and Guillou-quisquater Protocolsmentioning

confidence: 99%

See 1 more Smart Citation

Zero-knowledge proofs of knowledge for group homomorphisms

Maurer

2015

Des. Codes Cryptogr.

Self Cite

View full text Add to dashboard Cite

show abstract

“…It is instructive to compare our arithmetic model to the Generic Group Model (GGM) and its extensions [48,42,41,2]. The generic group model is an idealized model, where the adversary's computation is independent of the representation of the underlying cryptographic group (or ring).…”

Section: The Generic Group Modelmentioning

confidence: 99%

Arithmetic Cryptography

Applebaum

Avron

Brzuska

2015

Proceedings of the 2015 Conference on Innovations in Theoretical Computer Science

View full text Add to dashboard Cite

We study the possibility of computing cryptographic primitives in a fully-black-box arithmetic model over a finite field F. In this model, the input to a cryptographic primitive (e.g., encryption scheme) is given as a sequence of field elements, the honest parties are implemented by arithmetic circuits which make only a black-box use of the underlying field, and the adversary has a full (non-black-box) access to the field. This model captures many standard informationtheoretic constructions.We prove several positive and negative results in this model for various cryptographic tasks. On the positive side, we show that, under reasonable assumptions, computational primitives like commitment schemes, public-key encryption, oblivious transfer, and general secure two-party computation can be implemented in this model. On the negative side, we prove that garbled circuits, homomorphic encryption, and secure computation with low online complexity cannot be achieved in this model. Our results reveal a qualitative difference between the standard model and the arithmetic model, and explain, in retrospect, some of the limitations of previous constructions.

show abstract

“…From the point of view of the safety of the generic RSA algorithm, the primary role is played by attacks that reconstruct the secret key ( ) , n d . In this context; attacks can be grouped according to the methods used to achieve this goal: ◆ Algorithms for factorization of the RSA algorithm module ◆ Characteristics of the applied public and secret key ◆ Properties induced by the method of implementing the RSA algorithm Details can be founded in [2], [3], [4], [5], [6].…”

Section: Introductionmentioning

confidence: 99%

Contribution oo the Theory and Practice of Generating RSA Algorithm Keys

Unkašević¹,

Banjac²,

Milosavljević³

et al. 2019

Proceedings of the International Scientific Conference - Sinteza 2019

View full text Add to dashboard Cite

The RSA cryptographic algorithm is widely used in data protection and electronic business. One of the most important parameter of the achieved level of security is the quality of the generated cryptographic keys with which the algorithm is applied. In this paper a few cases in which poorly generated RSA cryptographic keys caused dis-accreditation of the system are described. The recommendations and checks that must be fulfilled during generation of RSA algorithm cryptographic keys are formulated in order that keys were considered safe for implement on.

show abstract

Breaking RSA Generically Is Equivalent to Factoring

Cited by 26 publications

References 19 publications

Zero-knowledge proofs of knowledge for group homomorphisms

Zero-knowledge proofs of knowledge for group homomorphisms

Arithmetic Cryptography

Contribution oo the Theory and Practice of Generating RSA Algorithm Keys

Contact Info

Product

Resources

About