Cryptology ePrint Archive: Report 2015/071
Factoring N=p^r q^s for Large r and s
Jean-Sebastien Coron and Jean-Charles Faugere and Guenael Renault and Rina Zeitoun
Abstract: Boneh et al. showed at Crypto 99 that moduli of the form N=p^r q can be factored in polynomial time when r=log p. Their algorithm is based on Coppersmith's technique for finding small roots of polynomial equations. In this paper we show that N=p^r q^s can also be factored in polynomial time when r or s is at least (log p)^3; therefore we identify a new class of integers that can be efficiently factored. We also generalize our algorithm to moduli N with k prime factors; we show that a non-trivial factor of N can be extracted in polynomial-time if one of the k exponents is large enough.
Category / Keywords: public-key cryptography / Factoring N=p^r q^s, Coppersmith's Algorithm, LLL, RSA.
Original Publication (with major differences): CT-RSA 2016
Date: received 1 Feb 2015, last revised 24 Nov 2015
Contact author: jean-sebastien coron at uni lu
Available format(s): PDF | BibTeX Citation
Version: 20151124:102608 (All versions of this report)
Short URL: ia.cr/2015/071
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]