Cryptanalysis of the RSA subgroup assumption from TCC 2005

18Citations
Citations of this article
33Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

At TCC 2005, Groth underlined the usefulness of working in small RSA subgroups of hidden order. In assessing the security of the relevant hard problems, however, the best attack considered for a subgroup of size 2 2ℓ had a complexity of (2ℓ. Accordingly, ℓ=100 bits was suggested as a concrete parameter. This paper exhibits an attack with a complexity of roughly 2ℓ/2 operations, suggesting that Groth's original choice of parameters was overly aggressive. It also discusses the practicality of this new attack and various implementation issues. © 2011 International Association for Cryptologic Research.

Cite

CITATION STYLE

APA

Coron, J. S., Joux, A., Mandal, A., Naccache, D., & Tibouchi, M. (2011). Cryptanalysis of the RSA subgroup assumption from TCC 2005. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6571 LNCS, pp. 147–155). Springer Verlag. https://doi.org/10.1007/978-3-642-19379-8_9

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free