
How to guess ℓ-th roots modulo n by reducing lattice bases

Applied Algebra, Algebraic Algorithms and Error-Correcting Codes (AAECC 1988)

Abstract

In numerous problems of computational number theory, there often arise polynomial equations or inequations modulo a number n. When n is a power of a prime number, polynomial-time algorithms, either deterministic or probabilistic, allow one to solve these problems. The same is true, via the Chinese remainder theorem, when the factorisation of n is known. A natural and important question is the following one: Is the task of solving polynomial equations or inequations modulo n as difficult as the factorisation of n?

We show here that, even if the factorisation of n is unknown, we can solve in polynomial probabilistic time polynomial inequations or polynomial equations modulo n provided we are given a sufficiently good initial approximation of a solution.

Our main tool is lattices, which we use after a linearisation of the problem; we study a particular kind of lattice, which generalizes those of Frieze et al., and the solution of our problem relies on the geometrical regularity of these lattices.

Our results are both algorithmic and structural:

On the one hand, we exhibit an algorithm, based on lattice reduction ideas, which reconstructs truncated roots of polynomials, extending previous results that Frieze et al. obtained only in the linear case. This algorithm has numerous practical applications, since the security of many cryptographic schemes is based on the difficulty of solving polynomial equations or inequations modulo n. We first deduce that it is easy to break higher-degree versions of Okamoto's recent cryptosystem, and we extend, in this way, previous attacks of Brickell and Shamir. We also obtain new results about the predictability of the RSA pseudo-random generator.

On the other hand, we establish, for any ℓ, new theoretical results about the comparative distribution of ℓ-th powers and their ℓ-th roots, and we can prove, in the case ℓ=2, a very natural property about this distribution. These results can be seen as extensions, in a slightly different way, of a previous theorem of Blum.
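The linearisation-plus-lattice approach the abstract describes, worked for ℓ = 2 as an added example (this is not the paper's code or its exact lattice): (x0 + e)^2 ≡ c (mod n) is linearised in the unknowns u = e and v = e^2, the small solution is found as a closest-vector problem in a 2-D lattice (Gauss reduction as the 2-D stand-in for LLL [5], Babai rounding [1] with a neighbour search), and every candidate is verified against the original equation. The n^(1/3) error bound used for the constructed instance is the determinant heuristic for this particular lattice, not a bound taken from the paper; the modulus, seed and error bound are constructed. It illustrates the defensive lesson of the paper: partial knowledge of a root modulo n (here, all but the low ~40 of 150 bits) must be treated as knowledge of the whole root.

```python
import random
from fractions import Fraction

def gauss_reduce(b1, b2):
    """Lagrange/Gauss reduction: exact shortest basis of a 2-D integer lattice."""
    dot = lambda p, q: p[0] * q[0] + p[1] * q[1]
    if dot(b1, b1) > dot(b2, b2):
        b1, b2 = b2, b1
    while True:
        k = round(Fraction(dot(b1, b2), dot(b1, b1)))   # nearest-integer projection
        b2 = (b2[0] - k * b1[0], b2[1] - k * b1[1])
        if dot(b2, b2) >= dot(b1, b1):
            return b1, b2
        b1, b2 = b2, b1

def recover_square_root(n, c, x0, B):
    """Find x = x0 + e (mod n) with x^2 = c (mod n) and |e| <= B, or None.
    Linearise: 2*x0*u + v = c - x0^2 =: t (mod n), u = e, v = e^2.  The unknown
    (B*u, v) has both coordinates <= B^2 and lies in the coset (0, t) + L, where L
    is the lattice of homogeneous solutions, so it is (0, t) minus the lattice
    vector closest to (0, t)."""
    a = (-2 * x0) % n
    t = (c - x0 * x0) % n
    b1, b2 = gauss_reduce((B, a), (0, n))          # basis of L, u-coordinate scaled by B
    det = b1[0] * b2[1] - b1[1] * b2[0]
    k1 = Fraction(-t * b2[0], det)                 # Cramer's rule: real coords of (0, t)
    k2 = Fraction(b1[0] * t, det)
    for d1 in (-1, 0, 1):                          # Babai rounding plus its neighbours
        for d2 in (-1, 0, 1):
            m1, m2 = round(k1) + d1, round(k2) + d2
            wu = -m1 * b1[0] - m2 * b2[0]          # first coordinate of (0, t) - (m1*b1 + m2*b2)
            if wu % B:                             # must be B * (an integer e)
                continue
            x = (x0 + wu // B) % n
            if pow(x, 2, n) == c:                  # verify against the original equation
                return x
    return None

def demo(seed=1):
    """Constructed instance; the solver never sees the factors of n."""
    rng = random.Random(seed)
    n = (2**61 - 1) * (2**89 - 1)     # ~150-bit product of two Mersenne primes (constructed)
    B = 2**40                          # |e| <= B, well below n^(1/3) ~ 2^50 (heuristic bound)
    x = rng.randrange(n)               # the hidden square root
    e = rng.randrange(-B, B + 1)       # the unknown small error
    x0 = (x - e) % n                   # the given approximation of x
    c = pow(x, 2, n)
    return recover_square_root(n, c, x0, B) == x
```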

This work was supported in part by PRC “Mathématiques et Informatique” and in part by a convention between SEPT and University of Caen.


5. Bibliographic References

  1. L. Babai: On Lovász's lattice reduction and the nearest lattice point problem, Combinatorica 6, pp 1–14.

  2. M. Blum: How to exchange (secret) keys, ACM Transactions on Computer Systems, 1, 2, May 1983, pp 175–193.

  3. E. Brickell, J. DeLaurentis: An attack on a signature scheme proposed by Okamoto and Shiraishi, Proc. of Crypto'85, pp 1–4.

  4. A. Frieze, J. Håstad, R. Kannan, J.C. Lagarias, A. Shamir: Reconstructing truncated variables satisfying linear congruences, to appear in SIAM Journal on Computing.

  5. A.K. Lenstra, H.W. Lenstra, L. Lovász: Factoring polynomials with rational coefficients, Mathematische Annalen, 261, (1982) pp 513–534.

  6. T. Okamoto, A. Shiraishi: A fast signature scheme based on quadratic inequalities, Proc. of the 1985 Symposium on Security and Privacy, April 1985, Oakland, CA.

  7. T. Okamoto: Fast public-key cryptosystem using congruent polynomial equations, Electronics Letters, 1986, 22, pp 581–582.

  8. T. Okamoto: Modification of a public-key cryptosystem, Electronics Letters, 1987, 23, pp 814–815.

  9. A. Shamir: Private communications to Okamoto, August and October 1986 (quoted in Okamoto [8]).

  10. B. Vallée, M. Girault, Ph. Toffin: How to break Okamoto's cryptosystems by reducing lattice bases, Proceedings of Eurocrypt'87, Lecture Notes in Computer Science.

  11. B. Vallée: Quasi-uniform algorithms for finding small quadratic residues and application to integer factorisation, or Factorisation entière par génération quasi-uniforme de petits résidus quadratiques, preprints of Département de Mathématiques de l'Université de Caen.


Editor: Teo Mora


Copyright information

© 1989 Springer-Verlag Berlin Heidelberg


Cite this paper

Vallée, B., Girault, M., Toffin, P. (1989). How to guess ℓ-th roots modulo n by reducing lattice bases. In: Mora, T. (eds) Applied Algebra, Algebraic Algorithms and Error-Correcting Codes. AAECC 1988. Lecture Notes in Computer Science, vol 357. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-51083-4_78


  • DOI: https://doi.org/10.1007/3-540-51083-4_78


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-51083-3

  • Online ISBN: 978-3-540-46152-4
