## Abstract

Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length of the RSA-modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found.

Original language | English |
---|---|

Pages (from-to) | 297-316 |

Number of pages | 20 |

Journal | Designs, Codes, and Cryptography |

Volume | 23 |

Issue number | 3 |

DOIs | |

Publication status | Published - Aug 2001 |

## All Science Journal Classification (ASJC) codes

- Computer Science Applications
- Applied Mathematics