How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves

Marc Joye, Jean Jacques Quisquater, Tsuyoshi Takagi

Research output: Contribution to journalArticle

7 Citations (Scopus)

Abstract

Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length of the RSA-modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found.

Original languageEnglish
Pages (from-to)297-316
Number of pages20
JournalDesigns, Codes, and Cryptography
Volume23
Issue number3
DOIs
Publication statusPublished - Aug 1 2001

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Applied Mathematics

Fingerprint Dive into the research topics of 'How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves'. Together they form a unique fingerprint.

  • Cite this