Abstract
We present a new algorithm based on binary quadratic forms to factor integers of the form \(N = pq^2\). Its heuristic running time is exponential in the general case, but becomes polynomial when special (arithmetic) hints are available, which is exactly the case for the so-called NICE family of public-key cryptosystems based on quadratic fields introduced in the late 90s. Such cryptosystems come in two flavours, depending on whether the quadratic field is imaginary or real. Our factoring algorithm yields a general key-recovery polynomial-time attack on NICE, which works for both versions: Castagnos and Laguillaumie recently obtained a total break of imaginary-NICE, but their attack could not apply to real-NICE. Our algorithm is rather different from classical factoring algorithms: it combines Lagrange’s reduction of quadratic forms with a provable variant of Coppersmith’s lattice-based root finding algorithm for homogeneous polynomials. It is very efficient given either of the following arithmetic hints: the public key of imaginary-NICE, which provides an alternative to the CL attack; or the knowledge that the regulator of the quadratic field \(\mathbb{Q}(\sqrt{p})\) is unusually small, just like in real-NICE.
References
Adleman, L.M., McCurley, K.S.: Open problems in number theoretic complexity, II. In: Huang, M.-D.A., Adleman, L.M. (eds.) ANTS 1994. LNCS, vol. 877, pp. 291–322. Springer, Heidelberg (1994)
Boneh, D., Durfee, G., Howgrave-Graham, N.: Factoring \(N = p^r q\) for large \(r\). In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 326–337. Springer, Heidelberg (1999)
Bernstein, D.J.: List decoding for binary Goppa codes, (2008) Preprint http://cr.yp.to/papers.html#goppalist
Bostan, A., Gaudry, P., Schost, É.: Linear Recurrences with Polynomial Coefficients and Application to Integer Factorization and Cartier-Manin Operator. SIAM J. Comput. 36(6), 1777–1806 (2007)
Biehl, I., Paulus, S., Takagi, T.: Efficient Undeniable Signature Schemes based on Ideal Arithmetic in Quadratic Orders. Des. Codes Cryptography 31(2), 99–123 (2004)
Buchmann, J., Takagi, T., Vollmer, U.: Number Field Cryptography. In: van der Poorten, Stein (eds.) High Primes & Misdemeanours: Lectures in Honour of the 60th Birthday of Hugh Cowie Williams. Fields Institute Communications, vol. 41, pp. 111–125. AMS (2004)
Buchmann, J., Thiel, C., Williams, H.C.: Short Representation of Quadratic Integers. In: Proc. of CANT 1992, Math. Appl., vol. 325, pp. 159–185. Kluwer Academic Press, Dordrecht (1995)
Buchmann, J., Williams, H.C.: A Key-Exchange System based on Imaginary Quadratic Fields. J. Cryptology 1, 107–118 (1988)
Chudnovsky, D.V., Chudnovsky, G.V.: Approximations and Complex Multiplication According to Ramanujan. In: Ramanujan Revisited: Proceedings, pp. 375–472. Academic Press, Boston (1987)
Chistov, A.L.: The complexity of constructing the ring of integers of a global field. Dokl. Akad. Nauk SSSR 306, 1063–1067 (1989); English translation: Soviet Math. Dokl. 39, 597–600 (1989)
Cohen, H., Lenstra Jr., H.W.: Heuristics on class groups. Springer LNM, vol. 1052, pp. 26–36 (1984)
Castagnos, G., Laguillaumie, F.: On the Security of Cryptosystems with Quadratic Decryption: The Nicest Cryptanalysis. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 260–277. Springer, Heidelberg (2009)
Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, Heidelberg (2000)
Coppersmith, D.: Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities. J. Cryptology 10(4), 233–260 (1997)
Cox, D.A.: Primes of the form \(x^2 + ny^2\). John Wiley & Sons, Chichester (1999)
Crandall, R., Pomerance, C.: Prime Numbers: A Computational Perspective. Springer, Heidelberg (2001)
Cheng, K.H.F., Williams, H.C.: Some Results Concerning Certain Periodic Continued Fractions. Acta Arith. 117, 247–264 (2005)
Degert, G.: Über die Bestimmung der Grundeinheit gewisser reell-quadratischer Zahlkörper. Abh. Math. Sem. Univ. Hamburg 22, 92–97 (1958)
Gower, J.E., Wagstaff Jr., S.S.: Square form factorization. Math. Comput. 77(261), 551–588 (2008)
Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997)
Howgrave-Graham, N.: Approximate Integer Common Divisors. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 51–66. Springer, Heidelberg (2001)
Hartmann, M., Paulus, S., Takagi, T.: NICE - New Ideal Coset Encryption. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 328–339. Springer, Heidelberg (1999)
Jaulmes, É., Joux, A.: A NICE Cryptanalysis. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 382–391. Springer, Heidelberg (2000)
Jacobson Jr., M.J., Lukes, R.F., Williams, H.C.: An investigation of bounds for the regulator of quadratic fields. Experimental Mathematics 4(3), 211–225 (1995)
Joux, A.: Algorithmic Cryptanalysis. CRC Press, Boca Raton (2009)
Jacobson Jr., M.J., Scheidler, R., Weimer, D.: An Adaptation of the NICE Cryptosystem to Real Quadratic Orders. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 191–208. Springer, Heidelberg (2008)
Lenstra, A.K., Lenstra Jr., H.W., Lovász, L.: Factoring Polynomials with Rational Coefficients. Math. Ann. 261, 515–534 (1982)
May, A.: Using LLL-Reduction for Solving RSA and Factorization Problems: A Survey. In: LLL+25 Conference in honour of the 25th birthday of the LLL algorithm (2007)
McKee, J.: Speeding Fermat’s factoring method. Math. Comput. 68(228), 1729–1737 (1999)
Milan, J.: Factoring Small Integers: An Experimental Comparison. INRIA report (2007), http://hal.inria.fr/inria-00188645/en/
Okamoto, T.: Fast public-key cryptosystem using congruent polynomial equations. Electronic Letters 22(11), 581–582 (1986)
Okamoto, T.: A fast signature scheme based on congruential polynomial operations. IEEE Transactions on Information Theory 36(1), 47–53 (1990)
Okamoto, T., Uchiyama, S.: A New Public-Key Cryptosystem as Secure as Factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 308–318. Springer, Heidelberg (1998)
Peralta, R.: Elliptic curve factorization using a partially oblivious function. In: Cryptography and computational number theory, Progr. Comput. Sci. Appl. Logic., vol. 20, pp. 123–128 (2001)
Peralta, R., Okamoto, E.: Faster Factoring of Integers of a Special Form. IEICE Trans. Fundamentals E79-A, 4, 489–493 (1996)
Paulus, S., Takagi, T.: A generalization of the Diffie-Hellman problem and related cryptosystems allowing fast decryption. In: Proc. of ICISC 1998, pp. 211–220 (1999)
Paulus, S., Takagi, T.: A New Public-Key Cryptosystem over a Quadratic Order with Quadratic Decryption Time. J. Cryptology 13(2), 263–272 (2000)
Schoof, R.: Quadratic fields and factorization. Computational Methods in Number Theory, MC-Tracts 154/155, 235–286 (1982)
Stehlé, D.: fplll-3.0, http://perso.ens-lyon.fr/damien.stehle/#software
Strassen, V.: Einige Resultate über Berechnungskomplexität. Jber. Deutsch. Math.-Verein., 78, 1–8 (1976/1977)
Takagi, T.: Fast RSA-type cryptosystem modulo \(p^k q\). In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Heidelberg (1998)
Weimer, D.: An Adaptation of the NICE Cryptosystem to Real Quadratic Orders. Master’s thesis, Technische Universität Darmstadt (2004)
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Castagnos, G., Joux, A., Laguillaumie, F., Nguyen, P.Q. (2009). Factoring \(pq^2\) with Quadratic Forms: Nice Cryptanalyses. In: Matsui, M. (eds) Advances in Cryptology – ASIACRYPT 2009. ASIACRYPT 2009. Lecture Notes in Computer Science, vol 5912. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10366-7_28
DOI: https://doi.org/10.1007/978-3-642-10366-7_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10365-0
Online ISBN: 978-3-642-10366-7
eBook Packages: Computer Science, Computer Science (R0)