Solving simultaneous modular equations of low degree
J Hastad�- siam Journal on Computing, 1988 - SIAM
siam Journal on Computing, 1988•SIAM
We consider the problem of solving systems of equations P_i(x)≡0(\bmodn_i)i=1⋯k where
P_i are polynomials of degree d and the n_i are distinct relatively prime numbers and
x<\min(n_i). We prove that if k>d(d+1)/2 we can recover x in polynomial time provided
\min(n_i)>2^d^2. As a consequence the RSA cryptosystem used with a small exponent is not
a good choice to use as a public-key cryptosystem in a large network. We also show that a
protocol by Broder and Dolev Proceedings on the 25th Annual IEEE Symposium on the�…
P_i are polynomials of degree d and the n_i are distinct relatively prime numbers and
x<\min(n_i). We prove that if k>d(d+1)/2 we can recover x in polynomial time provided
\min(n_i)>2^d^2. As a consequence the RSA cryptosystem used with a small exponent is not
a good choice to use as a public-key cryptosystem in a large network. We also show that a
protocol by Broder and Dolev Proceedings on the 25th Annual IEEE Symposium on the�…
We consider the problem of solving systems of equations where are polynomials of degree d and the are distinct relatively prime numbers and . We prove that if we can recover x in polynomial time provided . As a consequence the RSA cryptosystem used with a small exponent is not a good choice to use as a public-key cryptosystem in a large network. We also show that a protocol by Broder and Dolev [Proceedings on the 25th Annual IEEE Symposium on the Foundations of Computer Science, 1984] is insecure if RSA with a small exponent is used.
Society for Industrial and Applied MathematicsShowing the best result for this search. See all results