Lattice Reduction Techniques To Attack RSA
David Wong
March 2015
University of Bordeaux
ATTACKS
Attacks on the Implementation or the Mathematics.
• Recover the plaintext
• Recover the private key
A Relaxed Model
• We know a part of the message
• We know an approximation of one of the primes
• The private exponent is too small
LATTICE
COPPERSMITH
"the password of the day: cupcake"
HOWGRAVE-GRAHAM
LLL reduction:
• It only does integer linear operations on the basis vectors
• The shortest vector of the output basis is bounded
Those polynomials achieve two things:
• They have the same root $x_0$ but modulo $N^m$
• Each iteration introduces a new monomial
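The two properties above and the LLL remark before them can be checked numerically. This is an added example, not code from the slides; it assumes "those polynomials" are the standard Howgrave-Graham shifts g_{i,j}(x) = N^(m-i) · x^j · f(x)^i, and the modulus, polynomial, root, bound X and weights are constructed toy values.

```python
def poly_mul(a, b):
    """Multiply two polynomials given as coefficient lists (lowest degree first)."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] += ai * bj
    return out

def poly_eval(p, x):
    return sum(c * x**k for k, c in enumerate(p))

def shift_polynomials(f, N, m):
    """g_{i,j} = N^(m-i) * x^j * f^i for 0 <= i < m, 0 <= j < deg f, then f^m (f monic)."""
    d, f_pow, polys = len(f) - 1, [1], []
    for i in range(m):
        for j in range(d):
            polys.append([0] * j + [N ** (m - i) * c for c in f_pow])
        f_pow = poly_mul(f_pow, f)
    return polys + [f_pow]

def basis_matrix(polys, X):
    """Rows are the coefficient vectors of g(x*X), zero-padded to a square matrix."""
    n = len(polys)
    return [[c * X**k for k, c in enumerate(g)] + [0] * (n - len(g)) for g in polys]

def is_lower_triangular(M):
    return all(M[r][c] == 0 for r in range(len(M)) for c in range(r + 1, len(M)))

def combine(polys, weights):
    """Integer linear combination of polynomials, the only operation LLL performs."""
    out = [0] * max(len(g) for g in polys)
    for w, g in zip(weights, polys):
        for k, c in enumerate(g):
            out[k] += w * c
    return out

# Constructed toy instance: f(x) = x^2 + 14x + (N - 95) has the small root x0 = 5 mod N.
N, m, x0, X = 10007 * 10009, 3, 5, 8
f = [N - 95, 14, 1]
G = shift_polynomials(f, N, m)
B = basis_matrix(G, X)                   # one new monomial per row: triangular basis
h = combine(G, [3, -1, 4, 1, -5, 9, 2])  # arbitrary (hypothetical) integer weights

if __name__ == "__main__":
    print("degrees:", [len(g) - 1 for g in G])
    print("triangular basis:", is_lower_triangular(B))
    print("every g vanishes at x0 mod N^m:", all(poly_eval(g, x0) % N**m == 0 for g in G))
    print("integer combination vanishes too:", poly_eval(h, x0) % N**m == 0)
```

Because every row shares the root modulo N^m and LLL only forms integer combinations of rows, the reduced vectors keep that root; the triangular shape is what makes the lattice determinant, and hence the bound on the shortest vector, easy to compute.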
COPPERSMITH
BONEH-DURFEE
HOWGRAVE-GRAHAM
HERRMAN AND MAY: UNRAVELLED LINEARIZATION
BONEH-DURFEE BOUND
CONCLUSIONS