[10258] in cryptography@c2.net mail archive
RSA Attacks - Talk at Stanford - 1/28/2002 4PM (fwd)
daemon@ATHENA.MIT.EDU (Bill Stewart)
Fri Jan 25 14:29:14 2002
Message-Id: <5.0.2.1.1.20020124230735.0386bec0@idiom.com>
Date: Thu, 24 Jan 2002 23:11:44 -0800
To: cypherpunks@lne.com, cryptography@wasabisystems.com
From: Bill Stewart <bill.stewart@pobox.com>
Cc: sces@lists.internetsamurai.net
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

Looks like an interesting talk!

---------- Forwarded message ----------
Date: Thu, 24 Jan 2002 16:52:35 -0800 (PST)
From: Glenn Durfee <gdurf@Theory.Stanford.EDU>
Subject: Ph.D. Oral Exam: Monday, January 28, 4PM
Algebraic Cryptanalysis
Glenn Durfee
Department of Computer Science
Stanford University
Gates Building, Room 498
Monday, Jan. 28th, 2002
4:00 PM - 5:00 PM

In this talk we study the security of the widely-used RSA public key
cryptosystem. RSA is used in the SSL protocol for security on the
Internet, and the SET protocol used by Visa for secure credit card
transactions. This talk outlines several cryptanalytic results on the RSA
public key cryptosystem and variants. We obtain our results using tools
from the theory of integer lattices.

We begin by introducing a novel algorithm for the factorization of a
class of integers related closely to RSA moduli, showing a new class
of integers can be efficiently factored. We go on to introduce
new attacks on the RSA public key cryptosystem which take advantage of
partial knowledge of a user's secret key, showing that in low public
exponent RSA, leaking the quarter least significant bits of the secret key
is sufficient to compromise RSA. Similar results (though not as strong)
hold for larger values of the public key. Next we describe a new attack on
the RSA public key cryptosystem when a short secret exponent is used,
extending previous bounds for short secret exponent vulnerability. Lastly,
we describe the Sun-Yang-Laih RSA key generation schemes, and introduce
attacks to break two out of three of these schemes.