Solving Generalized Small Inverse Problems

Noboru Kunihiro

Paper 2010/221

Solving Generalized Small Inverse Problems

Noboru Kunihiro

Abstract

We introduce a ``generalized small inverse problem (GSIP)'' and present an algorithm for solving this problem. GSIP is formulated as finding small solutions of $f (x_{0}, x_{1}, \dots, x_{n}) = x_{0} h (x_{1}, \dots, x_{n}) + C = 0 (mod M)$ for an $n$ -variate polynomial $h$ , non-zero integers $C$ and $M$ . Our algorithm is based on lattice-based Coppersmith technique. We provide a strategy for construction of a lattice basis for solving , which are systematically transformed from a lattice basis for solving . Then, we derive an upper bound such that the target problem can be solved in polynomial time in in an explicit form. Since GSIPs include some RSA related problems, our algorithm is applicable to them. For example, the small key attacks by Boneh and Durfee are re-found automatically.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Published elsewhere. This is a full version of ACISP2010 paper.
Keywords: cryptanalysis lattice techniques RSA
Contact author(s): kunihiro @ k u-tokyo ac jp
History: 2010-04-28: received
Short URL: https://ia.cr/2010/221
License: CC BY

BibTeX

@misc{cryptoeprint:2010/221,
      author = {Noboru Kunihiro},
      title = {Solving Generalized Small Inverse Problems},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/221},
      year = {2010},
      url = {https://eprint.iacr.org/2010/221}
}