Cryptanalysis of the RSA Subgroup Assumption from TCC 2005

12 years 7 months ago

Download eprint.iacr.org

At TCC 2005, Groth underlined the usefulness of working in small RSA subgroups of hidden order. In assessing the security of the relevant hard problems, however, the best attack considered for a subgroup of size 22 had a complexity of O(2 ). Accordingly, = 100 bits was suggested as a concrete parameter. This paper exhibits an attack with a complexity of roughly 2 /2 operations, suggesting that Groth’s original choice of parameters was overly aggressive. It also discusses the practicality of this new attack and various implementation issues. Key-words: rsa moduli, hidden order, subgroup, cryptanalysis.

Jean-Sébastien Coron, Antoine Joux, Avradip

Real-time Traffic

Cryptology | Groth | Implementation Issues | PKC 2011 | Practicality |

claim paper

Post Info
More Details (n/a)

Added	17 Sep 2011
Updated	17 Sep 2011
Type	Journal
Year	2011
Where	PKC
Authors	Jean-Sébastien Coron, Antoine Joux, Avradip Mandal, David Naccache, Mehdi Tibouchi

Comments (0)

Sciweavers

Cryptanalysis of the RSA Subgroup Assumption from TCC 2005

Cryptology | Groth | Implementation Issues | PKC 2011 | Practicality |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers