Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Attacks on RSA using Lattice reduction techniques (LLL)

621 views

Published on

Attacks on RSA using Lattice reduction techniques (LLL) : Coppersmith and Boneh and Durfee revisited by Howgrave-Graham and Herrmann and May.

Published in: Science
  • Be the first to comment

  • Be the first to like this

Attacks on RSA using Lattice reduction techniques (LLL)

  1. 1. Lattice Reduction Techniques To Attack RSA David Wong March 2015 University of Bordeaux
  2. 2. ATTACKS
  3. 3. Attacks on the Implementation or the Mathematics. •Recover the plaintext •Recover the private key
  4. 4. A Relaxed Model • We know a part of the message • We know an approximation of one of the prime • The private exponent is too small
  5. 5. LATTICE
  6. 6. COPPERSMITH
  7. 7. « le password du jour : cupcake »
  8. 8. « le password du jour : cupcake »
  9. 9. HOWGRAVE-GRAHAM
  10. 10. HOWGRAVE-GRAHAM
  11. 11. LLL reduction: • It only does integer linear operations on the basis vectors • The shortest vector of the output basis is bound
  12. 12. Those polynomials achieve two things: • They have the same root 𝑥0 but modulo 𝑁 𝑚 • Each iteration introduce a new monomial
  13. 13. COPPERSMITH
  14. 14. BONEH-DURFEE
  15. 15. HOWGRAVE-GRAHAM
  16. 16. HERRMAN AND MAY: UNRAVELLED LINEARIZATION
  17. 17. BONEH-DURFEE BOUND
  18. 18. CONCLUSIONS

×