How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves

Marc Joye; Jean Jacques Quisquater; Tsuyoshi Takagi

doi:10.1023/A:1011219027181

How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves

Marc Joye, Jean Jacques Quisquater, Tsuyoshi Takagi

Laboratory of Mathematical Design for Advanced Cryptography

Research output: Contribution to journal › Article › peer-review

7 Citations (Scopus)

Abstract

Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length of the RSA-modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found.

Original language	English
Pages (from-to)	297-316
Number of pages	20
Journal	Designs, Codes, and Cryptography
Volume	23
Issue number	3
DOIs	https://doi.org/10.1023/A:1011219027181
Publication status	Published - Aug 2001

All Science Journal Classification (ASJC) codes

Computer Science Applications
Applied Mathematics

Access to Document

10.1023/A:1011219027181

Cite this

@article{8822ecb6f9c04a1e812aba0b7018a260,

title = "How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves",

abstract = "Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length of the RSA-modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found.",

author = "Marc Joye and Quisquater, {Jean Jacques} and Tsuyoshi Takagi",

year = "2001",

month = aug,

doi = "10.1023/A:1011219027181",

language = "English",

volume = "23",

pages = "297--316",

journal = "Designs, Codes, and Cryptography",

issn = "0925-1022",

publisher = "Springer Netherlands",

number = "3",

}

TY - JOUR

T1 - How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves

AU - Joye, Marc

AU - Quisquater, Jean Jacques

AU - Takagi, Tsuyoshi

PY - 2001/8

Y1 - 2001/8

N2 - Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length of the RSA-modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found.

AB - Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length of the RSA-modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found.

UR - http://www.scopus.com/inward/record.url?scp=0035426859&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0035426859&partnerID=8YFLogxK

U2 - 10.1023/A:1011219027181

DO - 10.1023/A:1011219027181

M3 - Article

AN - SCOPUS:0035426859

SN - 0925-1022

VL - 23

SP - 297

EP - 316

JO - Designs, Codes, and Cryptography

JF - Designs, Codes, and Cryptography

IS - 3

ER -

How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this