RSA Attacks - Talk at Stanford - 1/28/2002 4PM (fwd)

Bill Stewart bill.stewart at pobox.com
Fri Jan 25 02:11:44 EST 2002


Looks like an interesting talk!

---------- Forwarded message ----------
Date: Thu, 24 Jan 2002 16:52:35 -0800 (PST)
From: Glenn Durfee <gdurf at Theory.Stanford.EDU>
Subject: Ph.D. Oral Exam: Monday, January 28, 4PM

                        Algebraic Cryptanalysis
                             Glenn Durfee

                    Department of Computer Science
                          Stanford University
                        Gates Building, Room 498
                        Monday, Jan. 28th, 2002
                           4:00 PM - 5:00 PM


In this talk we study the security of the widely-used RSA public key
cryptosystem.  RSA is used in the SSL protocol for security on the
Internet, and the SET protocol used by Visa for secure credit card
transactions.  This talk outlines several cryptanalytic results on the RSA
public key cryptosystem and variants.  We obtain our results using tools
from the theory of integer lattices.

We begin by introducing a novel algorithm for the factorization of a
class of integers related closely to RSA moduli, showing a new class
of integers can be efficiently factored.  We go on to introduce
new attacks on the RSA public key cryptosystem which take advantage of
partial knowledge of a user's secret key, showing that in low public
exponent RSA, leaking the quarter least significant bits of the secret key
is sufficient to compromise RSA.  Similar results (though not as strong)
hold for larger values of the public key.  Next we describe a new attack on
the RSA public key cryptosystem when a short secret exponent is used,
extending previous bounds for short secret exponent vulnerability.  Lastly,
we describe the Sun-Yang-Laih RSA key generation schemes, and introduce
attacks to break two out of three of these schemes.

