Cryptology ePrint Archive: Report 2006/235
Application of ECM to a Class of RSA keys
Abderrahmane Nitaj
Abstract: Let $N=pq$ be an RSA modulus where $p$, $q$ are large
primes of the same bitsize and
$\phi(N)=(p-1)(q-1)$. We study
the class of the public exponents $e$ for which there exist
integers $X$, $Y$, $Z$ satisfying
$$eX+\phi(N)Y=NZ,$$
with $\vert
XY\vert <{\sqrt{2}\over 6}N^{1\over 2}$ and all
prime
factors
of
$\vert Y\vert$ are less than $10^{40}$. We
show that these
exponents are of improper use in RSA cryptosystems and that their
number
is at least
$O\left(N^{{1\over
2}-\e}\right)$ where $\e$ is a small positive constant. Our method
combines
continued
fractions, Coppersmith's lattice-based technique for finding small
roots
of bivariate polynomials and H. W. Lenstra's elliptic curve
method
(ECM) for factoring.
Category / Keywords: RSA cryptosystem, Continued fractions, Coppersmith's algorithm, Elliptic curve method, LLL algorithm
Date: received 7 Jul 2006
Contact author: nitaj at math unicaen fr
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Version: 20060713:072032 (All versions of this report)
Short URL: ia.cr/2006/235
[ Cryptology ePrint archive ]