This document discusses a common factor attack on RSA cryptography. It begins with background on RSA and its reliance on the difficulty of factoring the product of two large primes. It then introduces the idea of a common factor attack: if two RSA moduli N1 and N2 share a prime factor p, that factor can be obtained by computing the greatest common divisor (GCD) of N1 and N2, without fully factoring either number. The document proposes a parallelized approach to this attack that divides a dataset of RSA moduli into partitions, runs batch GCD on each partition separately, and combines the results. Experimental results show that this approach recovers a high percentage of the common factors after several iterations of the process.
1. Common Factor Attack on RSA
Assessing the Public Key Infrastructure
Vineet Kumar
Computer Science & Engineering Department
Jadavpur University, Kolkata
http://vntkumar8.github.io
November 20, 2017
2. RSA
The most widely used Public Key Cryptographic primitive
RSA has stood the test of nearly 40 years of attacks, making it the algorithm of choice for encrypting Internet credit-card transactions, securing e-mail, authenticating phone calls and others
Vineet Kumar Common Factor Attack on RSA November 20, 2017 2 / 22
3. It all started with...
Diffie-Hellman's Direction
Figure: New Directions in Cryptography [1976]
6. Idea of Public Key Crypto
In 1976, Marty Hellman and Whit Diffie invented the notion of public-key cryptography
Each party A has a public key PKA that others can use to encrypt messages to A: C = PKA(M)
Each party A also has a secret key SKA for decrypting a received ciphertext C: M = SKA(C)
It is easy to compute public/secret key pairs.
Publishing PKA does not compromise SKA
It is computationally infeasible to obtain SKA from PKA (One Way Functions)
8. RSA explained
PK = (n, e) where n = pq and gcd(e, φ(n)) = 1
SK = d where de ≡ 1 (mod φ(n))
Encryption/decryption are simple:
* C = PK(M) = M^e mod n
* M = SK(C) = C^d mod n
Security of RSA relies on the inability to factor the product n of two primes p, q.
9. Strength of RSA
Factoring is hard
GNFS (the General Number Field Sieve) is the best known algorithm for factorization
10. Common Factor Attack - Idea
What if we didn't have to factor?
12. Common Factor Attack - Idea
N1 = p × q
N2 = p × r
gcd(N1, N2) = p
14. Certificate and its manipulation I
Figure: the certificate as it looks in the browser, and the same certificate when exported as .pem
15. Certificate and its manipulation II
$ openssl x509 -in mailgooglecom.crt -out cert -text
Separate the public key from the certificate
17. Imitation Game - I
Collected 7 GB of 1024-bit moduli and 8 GB of 2048-bit moduli
FastGCD on dataset
computation ran on
0.4% of TLS hosts are compromised due to the Common Factor Attack, compared to 0.75% of Heninger et al. [Late 2015]
Reason for Such Vulnerability
sloppy implementations of RSA in embedded systems, especially in routers, firewalls, and other network devices
insufficient entropy for PRNGs
18. Our observation
In 2015, 0.4% of TLS hosts were compromised, compared to 0.75% reported in 2012
Computational Bottleneck
Enormous memory and huge computational power are required.
Hastings et al. [2016] ran a massive batchwise GCD computation using quad 6-core 3.40GHz Intel Xeon E7-8893 processors with 3 TB RAM; it required over 500 GB of memory
Can we parallelize Batchwise GCD Computation?
19. Our Proposed Solution
1 Divide the dataset randomly into parts, each no larger than the largest data-size that a single node can handle
2 Apply the batch-GCD algorithm over each part separately
Obviously, the method will miss the instances where gcd(N1, N2) > 1 and N1 and N2 are in different partitions
3 To overcome this, use multiple random divisions of the dataset and aggregate the results using Union
24. One Complete Iteration
Figure: One complete iteration of the proposed Parallelized Algorithm. The input dataset of RSA moduli D is split by randomPartition into {d1, d2, · · · , dp−1, dp}; batchGCD runs on each part and yields {v1, v2, · · · , vp−1, vp}; setUnion combines them into the set of vulnerable RSA moduli V.
25. Algorithm
Input: Set of moduli D, constraint m, accuracy
Output: V, the set of vulnerable moduli in D
p ← ceiling(|D|/m);
k ← chooseIteration(m, p, accuracy);
for i ← 1 to k do
    {d1, d2, . . . , dp} ← randomPartition(D, p);
    {v1, v2, . . . , vp} ← batchGCD({d1, d2, . . . , dp});
    Vi ← setUnion({v1, v2, . . . , vp});
end
V ← setUnion({V1, V2, . . . , Vk});
Algorithm 1: Parallelized Common Factor Attack
26. Proof
Figure: Illustrative partition of graph GD into subgraphs {g1, g2, . . . , gp}.
undirected graph GD with RSA moduli Ni as vertices
an edge is present between vertices {Ni, Nj} iff gcd(Ni, Nj) > 1 (illustrated as solid edges)
partition the graph GD into mutually exclusive subgraphs {g1, g2, . . . , gp}
batchGCD on each subset will yield all edges within each subgraph, but will miss the edges e(Ni, Nj) in GD where Ni and Nj belong to two different subgraphs (illustrated as dotted edges)
27. Proof
The probability that we will miss a specific edge e(Ni, Nj) in GD after one execution of the parallel batchGCD algorithm on {d1, d2, . . . , dp} can be computed as P_{i=1}:

$$P_{i=1} = 1 - \frac{\text{total number of edges in } \{g_1, g_2, \ldots, g_p\}}{\text{total number of edges in } G_D}
\approx 1 - \frac{\text{edges in complete supergraph of } \{g_1, g_2, \ldots, g_p\}}{\text{edges in complete supergraph of } G_D}
\approx 1 - \frac{p \binom{m}{2}}{\binom{mp}{2}}
= 1 - \frac{m - 1}{mp - 1}
= \frac{m(p - 1)}{mp - 1}.$$
29. Proof
probability that we will miss a specific edge e(Ni, Nj) in GD after k independent executions of the parallel batchGCD algorithm:

$$P_{i=k} = (P_{i=1})^k \approx \left(\frac{m(p - 1)}{mp - 1}\right)^k.$$

∴ fraction of edges recovered after k iterations is

$$\approx 1 - \left(\frac{m(p - 1)}{mp - 1}\right)^k.$$

Another interpretation of the values of accuracy and k, using mp = |D| (since p = ceiling(|D|/m)):

$$\text{accuracy} \approx 1 - \left(\frac{|D| - |D|/p}{|D| - 1}\right)^k, \quad \text{that is,} \quad k \approx \frac{\log(1 - \text{accuracy})}{\log(|D| - |D|/p) - \log(|D| - 1)}.$$
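Algorithm 1 (slide 25) together with the iteration formula above, as an added Python example that is not part of the presentation: batch GCD is done with Bernstein's product/remainder tree, the random partition, set union and chooseIteration follow the slides, and all function names and the toy moduli are constructed for this example (the word accuracy stands in for the slide's accuracy parameter).

```python
"""Parallelized common-factor (batch-GCD) audit of a set of RSA moduli.

Added example, not code from the presentation.  Implements Algorithm 1 from
the slides: split D into p = ceil(|D|/m) random parts, batch-GCD each part,
union the results, repeat k times, with k from the slide formula
accuracy ~ 1 - (m(p-1)/(mp-1))^k.  Names and toy moduli are constructed.
"""
import math
import random
from math import gcd, lcm


def product_tree(values):
    """Bottom-up product tree: level 0 is the input, the last level the full product."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([cur[i] * cur[i + 1] if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels


def batch_gcd(moduli):
    """Map each modulus N sharing a prime to gcd(N, product of the other moduli).

    Bernstein's product/remainder tree: (P mod N^2) / N equals the product of
    the other moduli reduced mod N, so one gcd per modulus finds every shared
    factor in quasi-linear time instead of a quadratic pairwise gcd loop.
    """
    moduli = list(moduli)
    if len(moduli) < 2:
        return {}
    levels = product_tree(moduli)
    rems = [levels[-1][0]]                       # root: the full product P
    for lvl in range(len(levels) - 2, -1, -1):   # walk down; node i has parent i // 2
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(levels[lvl])]
    found = {}
    for n, r in zip(moduli, rems):
        g = gcd(r // n, n)
        if g != 1:                               # g == n means both primes are reused
            found[n] = g
    return found


def random_partition(moduli, parts, rng):
    """randomPartition: shuffle D and cut it into `parts` chunks of size <= m."""
    shuffled = list(moduli)
    rng.shuffle(shuffled)
    size = math.ceil(len(shuffled) / parts)
    return [shuffled[i:i + size] for i in range(0, len(shuffled), size)]


def miss_probability(m, parts):
    """P_{i=1} from the slides: one round misses a given cross-partition pair."""
    return m * (parts - 1) / (m * parts - 1)


def choose_iterations(m, parts, accuracy):
    """chooseIteration: smallest k with 1 - P_{i=1}^k >= accuracy."""
    if parts <= 1:
        return 1                                 # one part sees every pair: exact
    if m < 2:
        raise ValueError("parts of one modulus can never reveal a shared factor")
    return math.ceil(math.log(1 - accuracy) / math.log(miss_probability(m, parts)))


def parallel_common_factor_attack(moduli, m, accuracy, seed=0):
    """Algorithm 1.  Returns ({vulnerable N: product of its shared primes}, k)."""
    rng = random.Random(seed)
    moduli = list(moduli)
    parts = math.ceil(len(moduli) / m)           # p: each part holds at most m moduli
    k = choose_iterations(m, parts, accuracy)
    vulnerable = {}
    for _ in range(k):
        for chunk in random_partition(moduli, parts, rng):
            for n, g in batch_gcd(chunk).items():
                # setUnion: merge the factors seen for N across parts and rounds
                vulnerable[n] = lcm(vulnerable.get(n, 1), g)
    return vulnerable, k


# Constructed toy dataset: small primes stand in for the large primes of real
# moduli.  N1/N2 share 101, N3/N4 share 103, N7 reuses 107 (N1) and 113 (N3),
# N8 reuses 131 (N5) and 139 (N6); 109, 127, 137 and 149 appear only once.
TOY_MODULI = [101 * 107, 101 * 109, 103 * 113, 103 * 127,
              131 * 137, 139 * 149, 107 * 113, 131 * 139]

if __name__ == "__main__":
    full = batch_gcd(TOY_MODULI)
    partial, k = parallel_common_factor_attack(TOY_MODULI, m=2, accuracy=0.9)
    for n in TOY_MODULI:
        print(n, "whole dataset:", full.get(n, 1), "| 4 parts, k =", k, ":", partial.get(n, 1))
```

A modulus whose two primes are both reused elsewhere comes back as itself (fully factored), which is why the union merges with lcm rather than overwriting.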
30. Results
Figure: Relationship between accuracy, p and k from experimental data. x-axis: number of iterations (k), 1 to 8; y-axis: percentage accuracy, 70 to 100; one curve each for p = 2, 4, 8, 16, 32.