Paper 2010/221

Solving Generalized Small Inverse Problems

Noboru Kunihiro

Abstract

We introduce a ``generalized small inverse problem (GSIP)'' and present an algorithm for solving this problem. GSIP is formulated as finding small solutions of $f(x_0, x_1, \ldots , x_n)=x_0 h(x_1, \ldots , x_n)+C=0 (\bmod \; M)$ for an $n$-variate polynomial $h$, non-zero integers $C$ and $M$. Our algorithm is based on lattice-based Coppersmith technique. We provide a strategy for construction of a lattice basis for solving $f=0$, which are systematically transformed from a lattice basis for solving $h=0$. Then, we derive an upper bound such that the target problem can be solved in polynomial time in $\log M$ in an explicit form. Since GSIPs include some RSA related problems, our algorithm is applicable to them. For example, the small key attacks by Boneh and Durfee are re-found automatically.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. This is a full version of ACISP2010 paper.
Keywords
cryptanalysislattice techniquesRSA
Contact author(s)
kunihiro @ k u-tokyo ac jp
History
2010-04-28: received
Short URL
https://ia.cr/2010/221
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2010/221,
      author = {Noboru Kunihiro},
      title = {Solving Generalized Small Inverse Problems},
      howpublished = {Cryptology ePrint Archive, Paper 2010/221},
      year = {2010},
      note = {\url{https://eprint.iacr.org/2010/221}},
      url = {https://eprint.iacr.org/2010/221}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.