Multi-power Post-quantum RSA

John M.  Schanck

Paper 2018/325

Multi-power Post-quantum RSA

John M. Schanck

Abstract

Special purpose factoring algorithms have discouraged the adoption of multi-power RSA, even in a post-quantum setting. We revisit the known attacks and find that a general recommendation against repeated factors is unwarranted. We find that one-terabyte RSA keys of the form $n = p_{1}^{2} p_{2}^{3} p_{3}^{5} p_{4}^{7} \dots p_{i}^{π_{i}} \dots p_{20044}^{225287}$ are competitive with one-terabyte RSA keys of the form $n = p_{1} p_{2} p_{3} p_{4} \dots p_{i} \dots p_{2^{31}}$ . Prime generation can be made to be a factor of 100000 times faster at a loss of at least $1$ but not more than $17$ bits of security against known attacks. The range depends on the relative cost of bit and qubit operations under the assumption that qubit operations cost $2^{c}$ bit operations for some constant $c$ .

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Preprint. MINOR revision.
Keywords: post-quantum cryptography
Contact author(s): jschanck @ uwaterloo ca
History: 2018-04-09: received
Short URL: https://ia.cr/2018/325
License: CC BY

BibTeX

@misc{cryptoeprint:2018/325,
      author = {John M.  Schanck},
      title = {Multi-power Post-quantum {RSA}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/325},
      year = {2018},
      url = {https://eprint.iacr.org/2018/325}
}