[Cryptography] MATH: Unlikely correctness of paper will break some discrete logarithm over F_p^*

Georgi Guninski guninski at guninski.com
Fri Sep 2 01:28:31 EDT 2016


On Thu, Sep 01, 2016 at 09:48:40PM +0000, Daniel Robinson wrote:
> Ramanathan != Ramanujan...
> 
> At any rate, Andrew Poelstra e-mailed the Curves list about some fatal
> flaws he found in this paper:
> https://moderncrypto.org/mail-archive/curves/2016/000739.html
> 
> 

Feel free to forward to the other list, possibly CC'ing me.

After some discussion with kristian.gjosteen at math.ntnu.no, I believe
there are critical problems even if the equations are correct.

Their numerical example indeed doesn't agree with b_1 from (13).

The problem appears to be that the correct upper bound for \beta_n is pq,
not p. This essentially makes \beta_n a free variable in their
congruences, giving a solution for all n (the secret exponent).

The paper doesn't mention uniqueness of the linear solution.

> 
> On Thu, Sep 1, 2016 at 2:27 PM Viktor Dukhovni <cryptography at dukhovni.org>
> wrote:
> 
> > On Wed, Aug 31, 2016 at 11:33:25AM +0300, Georgi Guninski wrote:
> >
> > > https://arxiv.org/abs/1608.07032

