Optimal Bounds for Multi-Prime Φ-Hiding Assumption
We propose a novel attack against the Multi-Prime Φ-Hiding Problem, which was introduced by Kiltz et al. at CRYPTO 2010 to show the instantiability of RSA-OAEP. The cryptanalysis of the Multi-Prime Φ-Hiding Problem is also mentioned by them. At Africacrypt 2011, Herrmann improved their result by making use of the special structure of the polynomial that is derived from the problem instance. In his method, the bound on e is reduced by employing a linear equation with fewer variables. In order to optimize the size and number of variables, we examine every possible variable size and number of variables. Then, we show that our attack achieves a better bound than that of Herrmann, which shows that our attack is the best among all known attacks.
KeywordsMulti-Prime Φ-Hiding Assumption RSA-OAEP lattice based technique
Unable to display preview. Download preview PDF.
- 2.Cachin, C., Micali, S., Stadler, M.A.: Computationally Private Information Retrieval with Polylogarithmic Communication. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 402–414. Springer, Heidelberg (1999)Google Scholar
- 3.Coppersmith, D.: Finding a Small Root of a Bivariate Integer Equation; Factoring with High Bits Known. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178–189. Springer, Heidelberg (1996)Google Scholar
- 9.Kiltz, E., O’Neill, A., Smith, A.: Instantiability of RSA-OAEP under Chosen-Plaintext Attack. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 295–313. Springer, Heidelberg (2010)Google Scholar