## Cryptology ePrint Archive: Report 2005/153

On Security of Koyama Schemes

Abstract: Attack is possible upon all three RSA analogue PKCs based on singular cubic curves given by Koyama. While saying so, Seng et al observed that the scheme become insecure if a linear relation is known between two plaintexts. In this case, attacker has to compute greatest common divisor of two polynomials corresponding to those two plaintexts. However, the computation of greatest common divisor of two polynomials is not efficient. For the reason, the degree e of both polynomials, an encryption exponent, is quite large. In this paper, we propose an algorithm, which makes the attack considerably efficient. Subsequently we identify isomorphic attack on the Koyama schemes by using the isomorphism between two singular cubic curves.

Category / Keywords: public-key cryptography /