Abstract
The security of several signature schemes and cryptosystems, essentially proposed by Okamoto, is based on the difficulty of solving polynomial equations or inequations modulo n. The encryption and the decryption of these schemes are very simple when the factorisation of the modulus, a large composite number, is known.
We show here that we can, for any odd n, solve, in polynomial probabilistic time, quadratic equations modulo n, even if the factorisation of n is hidden, provided we are given a sufficiently good approximation of the solutions. We thus deduce how to break Okamoto’s second degree cryptosystem and we extend, in this way, Brickell’s and Shamir’s previous attacks.
Our main tool is lattices that we use after a linearisation of the problem, and the success of our method depends on the geometrical regularity of a particular kind of lattices.
Our paper is organized as follows:
First we recall the problems already posed, their partial solutions and describe how our results solve extensions of these problems. We then introduce our main tool, lattices and show how their geometrical properties fit in our subject. Finally, we deduce our results. These methods can be generalized to higher dimensions.
This work was supported in part by PRC Mathématiques et Informatique and in part by a convention between SEPT and University of Caen.
IV. Bibliographic References
[1] L. Babai: On Lovasz’s lattice reduction and the nearest lattice point problem, Combinatorica 6 (1986) pp 1–14.
[2] E. Brickell, J. Delaurentis: An attack on a signature scheme proposed by Okamoto and Shiraishi, Proc. of Crypto’85, pp 10–14.
[3] A. Frieze, J. Hastad, R. Kannan, J.C. Lagarias, A. Shamir: Reconstructing truncated variables satisfying linear congruences, to appear in SIAM Journal of Computing.
[4] A.K. Lenstra, H.W. Lenstra, L. Lovasz: Factoring polynomials with integer coefficients, Mathematische Annalen, 261, (1982) pp 513–534.
[5] T. Okamoto, A. Shiraishi: A fast signature scheme based on quadratic inequalities, Proc. of the 1985 Symposium on Security and Privacy, April 1985, Oakland, CA.
[6] T. Okamoto: Fast public-key cryptosystem using congruent polynomial equations, Electronics Letters, 1986, 22, pp 581–582.
[7] T. Okamoto: Modification of a public-key cryptosystem, Electronics Letters, 1987, 23, pp 814–815.
[8] A. Shamir: Private communications to Okamoto, quoted in [7], August and October 1986.
[9] B. Vallée, M. Girault, P. Toffin: How to guess ℓ-th roots modulo n by reducing lattices bases, preprint of Université de Caen, to appear in Proceedings of First International Joint Conference of ISSAC-88 and AAECC-6 (July 88).
© 1988 Springer-Verlag Berlin Heidelberg
Cite this paper
Vallée, B., Girault, M., Toffin, P. (1988). How to Break Okamoto’s Cryptosystem by Reducing Lattice Bases. In: Barstow, D., et al. Advances in Cryptology — EUROCRYPT ’88. EUROCRYPT 1988. Lecture Notes in Computer Science, vol 330. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45961-8_26
DOI: https://doi.org/10.1007/3-540-45961-8_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-50251-7
Online ISBN: 978-3-540-45961-3
eBook Packages: Springer Book Archive