Abstract
Given an RSA modulus n, a ciphertext c and the encryption exponent e, one can construct the sequence
until gcd(x_{i+1} − x_0, n) ≠ 1 or i > B, B a given boundary. If i ≤ B, there are two cases. Case 1: gcd(x_{i+1} − x_0, n) = n. In this case x_i = m and the secret message m can be recovered. Case 2: 1 ≠ gcd(x_{i+1} − x_0, n) ≠ n. In this case, the RSA modulus n can be factorised. If i ≤ B, then Case 2 is much more likely to occur than Case 1. This attack is called a cycling attack. We introduce some new generalised cycling attacks. These attacks work without the knowledge of e and c. Therefore, these attacks can be used as factorisation algorithms. We also translate these attacks to elliptic curves. For this case we call these attacks EC generalised cycling attacks. Finally, we review criteria that a strong RSA prime must satisfy.
Supported by ARC Large Grants A9803826, A49703117
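The cycling attack the abstract describes, as an added example that is not part of the paper: it assumes the classical iteration x_0 = c, x_{i+1} = x_i^e mod n (the sequence the abstract refers to), uses a constructed toy modulus n = 11 · 17 with e = 3, and shows Case 1 (plaintext recovered), Case 2 (factor found) and the factorisation use that needs no genuine ciphertext.

```python
from math import gcd

# Added example, not code from the paper.  Toy key constructed here:
# n = 11 * 17, e = 3 (e is coprime to (11-1)(17-1) = 160).
N_TOY, E_TOY = 11 * 17, 3


def cycling_attack(n, e, c, bound):
    """Iterate x_{i+1} = x_i^e mod n from x_0 = c until gcd(x_{i+1} - x_0, n) != 1
    or i > bound.  Returns ("message", m) in Case 1, where the cycle closes modulo
    n (x_{i+1} == c, so x_i^e == m^e and x_i == m because RSA is a permutation),
    ("factor", p) in Case 2, where the cycle closes modulo only one prime and the
    gcd exposes it, or ("bound_exceeded", None) if neither happens for i <= bound."""
    x0 = x = c % n
    for _ in range(bound + 1):
        x_next = pow(x, e, n)
        g = gcd(x_next - x0, n)
        if g == n:
            return "message", x
        if g != 1:
            return "factor", g
        x = x_next
    return "bound_exceeded", None


def factor_by_cycling(n, bound, exponents=(3, 5, 7), max_start=50):
    """Factorisation use of the same iteration: no real ciphertext or public exponent
    is needed, any start value x_0 and any exponent e serve, because Case 2 yields a
    factor whenever the cycle closes modulo p before it closes modulo q.  Returns
    (p, q) with p < q, or None if no start/exponent pair within the limits works."""
    for e in exponents:
        for x0 in range(2, max_start):
            kind, val = cycling_attack(n, e, x0, bound)
            if kind == "factor":
                return min(val, n // val), max(val, n // val)
    return None


if __name__ == "__main__":
    # Case 1: m = 5 has a cycle of equal length modulo 11 and 17, so the cycle closes
    # modulo n after four steps and x_3 is the plaintext.
    c1 = pow(5, E_TOY, N_TOY)                      # 125
    print(cycling_attack(N_TOY, E_TOY, c1, 10))    # ('message', 5)
    # Case 2: m = 2 cycles faster modulo 17 than modulo 11, so gcd gives 17.
    c2 = pow(2, E_TOY, N_TOY)                      # 8
    print(cycling_attack(N_TOY, E_TOY, c2, 10))    # ('factor', 17)
    print(factor_by_cycling(N_TOY, 10))            # (11, 17)
```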
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gysin, M., Seberry, J. (1999). Generalised Cycling Attacks on RSA and Strong RSA Primes. In: Pieprzyk, J., Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 1999. Lecture Notes in Computer Science, vol 1587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48970-3_13
DOI: https://doi.org/10.1007/3-540-48970-3_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65756-9
Online ISBN: 978-3-540-48970-2