The multi-variable modular polynomial and its applications to cryptography

Takagi, Tsuyoshi; Naito, Shozo

doi:10.1007/bfb0009515

Cited by 4 publications

(4 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, all multivariable-type functions cannot be treated as a single variable. By improving the Håstad theorem, the Håstad attack has been extended to the RSA cryptosystem where the encryption function is a multivariable polynomial [11].…”

Section: Security Against Håstad Attackmentioning

confidence: 99%

See 1 more Smart Citation

Construction of RSA cryptosystem over the algebraic field using ideal theory and investigation of its security

Takagi

Naito

2000

Electron. Comm. Jpn. Pt. III

Self Cite

View full text Add to dashboard Cite

Section: Security Against Håstad Attackmentioning

confidence: 99%

“…. , x l in polynomial time of e, k, and log n i : (10) (11) Here N i k n i , n min n i , g is the number of similar terms including the constants, and f is the sum of degrees of x 1 , x 2 , . .…”

Section: Security Against Håstad Attackmentioning

confidence: 99%

Construction of RSA cryptosystem over the algebraic field using ideal theory and investigation of its security

Takagi

Naito

2000

Electron. Comm. Jpn. Pt. III

Self Cite

View full text Add to dashboard Cite

“…A few authors have shown that such attacks can be extended to elliptic curve cryptosystems [14,12,20,8]. These attacks are based on division polynomials whose degree e 2 grows quadraticly with the public parameter e. Because of these results and the more complex structure of KMOV, it is sometimes believed that KMOV is more resistant against this kind of attacks.…”

Section: Introductionmentioning

confidence: 99%

On the security of the KMOV public key cryptosystem

Bleichenbacher

1997

Advances in Cryptology — CRYPTO '97

View full text Add to dashboard Cite

Abstract. This paper analyzes the KMOV public key cryptosystem, which is an elliptic curve based analogue to RSA. It was believed that this cryptosystem is more secure against attacks without factoring such as the Hs in broadcast application. Some new attacks on KMOV are presented in this paper that show the converse. In particular, it is shown that some attacks on RSA which work only when a small public exponent e is used can be extended to KMOV, but with no restriction on e. The implication of these attacks on related cryptosystems are Mso discussed.

show abstract

“…Their advantage is that they allow us to encrypt data larger than the public-key at a time, and we can prove their security is equivalent to the original RSA cryptosystem or factoring. However, these algorithms are very slow and the attacks against the RSA cryptosystem are also applicable to them (See, for example, [8] [20].). We cannot find significant advantage over using the original RSA cryptosystem for each block.…”

Section: Introductionmentioning

confidence: 99%