Implicit Factoring with Shared Most Significant and Middle Bits

Jean-Charles Faugère 1 Raphaël Marinier 1 Guénaël Renault 1
1 SALSA - Solvers for Algebraic Systems and Applications
LIP6 - Laboratoire d'Informatique de Paris 6, Inria Paris-Rocquencourt
Abstract : We study the problem of integer factoring given implicit information of a special kind. The problem is as follows: let $N_1 = p_1 q_1$ and $N_2 = p_2 q_2$ be two RSA moduli of same bit-size, where $q_1$, $q_2$ are $\alpha$-bit primes. We are given the implicit information that $p_1$ and $p_2$ share $t$ most significant bits. We present a novel and rigorous lattice-based method that leads to the factorization of $N_1$ and $N_2$ in polynomial time as soon as $t \geq 2 \alpha + 3$. Subsequently, we heuristically generalize the method to $k$ RSA moduli $N_i = p_i q_i$ where the $p_i$'s all share $t$ most significant bits (MSBs) and obtain an improved bound on $t$ that converges to $t \geq \alpha + 3.55$... as $k$ tends to infinity. We study also the case where the $k$ factors $p_i$'s share $t$ contiguous bits in the middle and find a bound that converges to $2\alpha + 3$ when $k$ tends to infinity. This paper extends the work of May and Ritzenhofen in [9], where similar results were obtained when the $p_i$'s share least significant bits (LSBs). In [15], Sarkar and Maitra describe an alternative but heuristic method for only two RSA moduli, when the $p_i$'s share LSBs and/or MSBs, or bits in the middle. In the case of shared MSBs or bits in the middle and two RSA moduli, they get better experimental results in some cases, but we use much lower (at least 23 times lower) lattice dimensions and so we obtain a great speedup (at least $10^3$ faster). Our results rely on the following surprisingly simple algebraic relation in which the shared MSBs of $p_1$ and $p_2$ cancel out: $q_1 N_2 - q_2 N_ 1 = q_1 q_2 (p_2 - p_1)$. This relation allows us to build a lattice whose shortest vector yields the factorization of the $N_i$'s.
Document type :
Conference papers
Complete list of metadatas

Cited literature [17 references]  Display  Hide  Download
Contributor : Lip6 Publications <>
Submitted on : Monday, November 21, 2016 - 8:31:53 PM
Last modification on : Thursday, May 23, 2019 - 11:47:15 AM
Long-term archiving on : Monday, March 27, 2017 - 9:33:06 AM


Files produced by the author(s)



Jean-Charles Faugère, Raphaël Marinier, Guénaël Renault. Implicit Factoring with Shared Most Significant and Middle Bits. In 13th International Conference on Practice and Theory in Public Key Cryptography -- PKC 2010, May 2010, Paris, France. pp.70-87, ⟨10.1007/978-3-642-13013-7_5⟩. ⟨hal-01288914⟩



Record views


Files downloads