Small primitive roots and malleability of RSA moduli
Luis Dieulefait, Jorge Jimenez Urroz

TL;DR
This paper refutes a conjecture about RSA modulus malleability by providing an explicit algorithm to factorize RSA moduli with minimal information, highlighting the subtlety of malleability in cryptographic contexts.
Contribution
It presents an explicit algorithm that disproves a prior conjecture on RSA malleability, showing how minimal auxiliary information can lead to factorization.
Findings
Algorithm can factorize RSA moduli with little auxiliary info
Refutes the conjecture about RSA malleability
Highlights complexity of malleability concept
Abstract
In a paper of P. Paillier and J. Villar a conjecture is made about the malleability of an RSA modulus. In this paper we present an explicit algorithm refuting the conjecture. Concretely we can factorize an RSA modulus n using very little information on the factorization of a concrete n' coprime to n. However, we believe the conjecture might be true, when imposing some extra conditions on the auxiliary n' allowed to be used. In particular, the paper shows how subtle the notion of malleability is.
Taxonomy
Topics: Cryptography and Data Security · Coding theory and cryptography · Cryptography and Residue Arithmetic
