Cryptology ePrint Archive: Report 2015/071

Factoring N=p^r q^s for Large r and s

Jean-Sebastien Coron and Jean-Charles Faugere and Guenael Renault and Rina Zeitoun

Abstract: Boneh et al. showed at Crypto 99 that moduli of the form N=p^r q can be factored in polynomial time when r=log p. Their algorithm is based on Coppersmith's technique for finding small roots of polynomial equations. In this paper we show that N=p^r q^s can also be factored in polynomial time when r or s is at least (log p)^3; therefore we identify a new class of integers that can be efficiently factored. We also generalize our algorithm to moduli N with k prime factors; we show that a non-trivial factor of N can be extracted in polynomial-time if one of the k exponents is large enough.

Category / Keywords: public-key cryptography / Factoring N=p^r q^s, Coppersmith's Algorithm, LLL, RSA.

Original Publication (with major differences): CT-RSA 2016

Date: received 1 Feb 2015, last revised 24 Nov 2015

Contact author: jean-sebastien coron at uni lu

Available format(s): PDF | BibTeX Citation

Version: 20151124:102608 (All versions of this report)

Short URL: ia.cr/2015/071