Date post: | 23-Jan-2018 |
Category: |
Science |
Upload: | david-wong |
View: | 554 times |
Download: | 2 times |
Lattice Reduction Techniques To Attack
RSADavid Wong
March 2015
University of Bordeaux
ATTACKS
Attacks on the Implementation or the Mathematics.
•Recover the plaintext•Recover the private key
A Relaxed Model
• We know a part of the message• We know an approximation of one of
the prime• The private exponent is too small
LATTICE
COPPERSMITH
« le password du jour : cupcake »
« le password du jour : cupcake »
HOWGRAVE-GRAHAM
HOWGRAVE-GRAHAM
LLL reduction:• It only does integer linear
operations on the basis vectors
• The shortest vector of the output basis is bound
Those polynomials achieve two things:• They have the same root 𝑥0 but modulo 𝑁𝑚
• Each iteration introduce a new monomial
COPPERSMITH
BONEH-DURFEE
HOWGRAVE-GRAHAM
HERRMAN AND MAY: UNRAVELLED LINEARIZATION
BONEH-DURFEE BOUND
CONCLUSIONS