Paper 2015/071

Factoring N=p^r q^s for Large r and s

Jean-Sebastien Coron, Jean-Charles Faugere, Guenael Renault, and Rina Zeitoun

Abstract

Boneh et al. showed at Crypto 99 that moduli of the form N=p^r q can be factored in polynomial time when r=log p. Their algorithm is based on Coppersmith's technique for finding small roots of polynomial equations. In this paper we show that N=p^r q^s can also be factored in polynomial time when r or s is at least (log p)^3; therefore we identify a new class of integers that can be efficiently factored. We also generalize our algorithm to moduli N with k prime factors; we show that a non-trivial factor of N can be extracted in polynomial-time if one of the k exponents is large enough.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Major revision. CT-RSA 2016
Keywords
Factoring N=p^r q^sCoppersmith's AlgorithmLLLRSA.
Contact author(s)
jean-sebastien coron @ uni lu
History
2015-11-24: last of 2 revisions
2015-02-10: received
See all versions
Short URL
https://ia.cr/2015/071
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2015/071,
      author = {Jean-Sebastien Coron and Jean-Charles Faugere and Guenael Renault and Rina Zeitoun},
      title = {Factoring N=p^r q^s for Large r and s},
      howpublished = {Cryptology ePrint Archive, Paper 2015/071},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/071}},
      url = {https://eprint.iacr.org/2015/071}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.