
-
Previous Article
Constructing self-dual codes from group rings and reverse circulant matrices
- AMC Home
- This Issue
-
Next Article
$ s $-PD-sets for codes from projective planes $ \mathrm{PG}(2,2^h) $, $ 5 \leq h\leq 9 $
Finding small solutions of the equation $ \mathit{{Bx-Ay = z}} $ and its applications to cryptanalysis of the RSA cryptosystem
1. | National Innovation Institute of Defense Technology, Beijing 100071, China |
2. | College of Liberal Arts and Sciences, National University of Defense Technology, Changsha 410073, China |
3. | State Key Laboratory of Cryptology, Beijing 100878, China |
4. | College of Computer National University of Defense Technology, Changsha 410073, China |
5. | College of Information Science and Technology/Collage of Cyber Security, Jinan University, Guangzhou 510632, China |
In this paper, we study the condition of finding small solutions $ (x,y,z) = (x_0, y_0, z_0) $ of the equation $ Bx-Ay = z $. The framework is derived from Wiener's small private exponent attack on RSA and May-Ritzenhofen's investigation about the implicit factorization problem, both of which can be generalized to solve the above equation. We show that these two methods, together with Coppersmith's method, are equivalent for solving $ Bx-Ay = z $ in the general case. Then based on Coppersmith's method, we present two improvements for solving $ Bx-Ay = z $ in some special cases. The first improvement pays attention to the case where either $ \gcd(x_0,z_0,A) $ or $ \gcd(y_0,z_0,B) $ is large enough. As the applications of this improvement, we propose some new cryptanalysis of RSA, such as new results about the generalized implicit factorization problem, attacks with known bits of the prime factor, and so on.
References:
[1] |
Y. Aono, A new lattice construction for partial key exposure attack for RSA, Public Key Cryptography-PKC 2009, Springer Berlin Heidelberg, (2009), 34–53. Google Scholar |
[2] |
J. Blömer and A. May,
New partial key exposure attacks on RSA, Advances in Cryptology - CRYPTO 2003, Lecture Notes in Comput. Sci., Springer, Berlin, 2729 (2003), 27-43.
doi: 10.1007/978-3-540-45146-4_2. |
[3] |
D. Boneh and G. Durfee,
Cryptanalysis of RSA with private key $d$ less than $N^{0.292}$, Advances in Cryptology - EUROCRYPT '99 (Prague), Lecture Notes in Comput. Sci. Springer, Berlin, 1592 (1999), 1-11.
doi: 10.1007/3-540-48910-X_1. |
[4] |
D. Boneh, G. Durfee and Y. Frankel,
An attack on RSA given a small fraction of the private key bits, Advances in Cryptology - ASIACRYPT'98 (Beijing), Lecture Notes in Comput. Sci., Springer, Berlin, 1514 (1998), 25-34.
doi: 10.1007/3-540-49649-1_3. |
[5] |
D. Coppersmith,
Finding a small root of a univariate modular equation, Advances in Cryptology - EUROCRYPT '96 (Saragossa, 1996), Lecture Notes in Comput. Sci., Springer, Berlin, 1070 (1996), 155-165.
doi: 10.1007/3-540-68339-9_14. |
[6] |
D. Coppersmith,
Finding a small root of a bivariate integer equation, factoring with high bits known, Advances in Cryptology - EUROCRYPT '96 (Saragossa, 1996), Lecture Notes in Comput. Sci., Springer, Berlin, 1070 (1996), 178-189.
doi: 10.1007/3-540-68339-9_16. |
[7] |
D. Coppersmith,
Small solutions to polynomial equations, and low exponent RSA vulnerabilities, Journal of Cryptology, 10 (1997), 233-260.
doi: 10.1007/s001459900030. |
[8] |
J.-S. Coron,
Finding small roots of bivariate integer polynomial equations revisited, Advances in Cryptology - EUROCRYPT 2004, Lecture Notes in Comput. Sci., Springer, Berlin, 3027 (2004), 492-505.
doi: 10.1007/978-3-540-24676-3_29. |
[9] |
J.-S. Coron and A. May,
Deterministic polynomial-time equivalence of computing the RSA secret key and factoring, Journal of Cryptology, 20 (2007), 39-50.
doi: 10.1007/s00145-006-0433-6. |
[10] |
B. De Weger,
Cryptanalysis of RSA with small prime difference, Appl. Algebra Engrg. Comm. Comput., 13 (2002), 17-28.
doi: 10.1007/s002000100088. |
[11] |
M. Ernst, E. Jochemsz, A. May and B. de Weger,
Partial key exposure attacks on RSA up to full size exponents, Advances in Cryptology - EUROCRYPT 2005, Lecture Notes in Comput. Sci., Springer, Berlin, 3494 (2005), 371-386.
doi: 10.1007/11426639_22. |
[12] |
J. C. Faugère, R. Marinier and G. Renault,
Implicit factoring with shared most significant and middle bits, Public Key Cryptography - PKC 2010, Lecture Notes in Comput. Sci., Springer, Berlin, 6056 (2010), 70-87.
doi: 10.1007/978-3-642-13013-7_5. |
[13] |
G. H. Hardy and E. M. Wright, An Introduction to the Theory of Numbers, Fifth edition, The Clarendon Press, Oxford University Press, New York, 1979. |
[14] |
M. Herrmann and A. May,
Maximizing small root bounds by linearization and applications to small secret exponent RSA, Public Key Cryptography - PKC 2010, Lecture Notes in Comput. Sci., Springer, Berlin, 6056 (2010), 53-69.
doi: 10.1007/978-3-642-13013-7_4. |
[15] |
N. Howgrave-Graham,
Finding small roots of univariate modular equations revisited, Cryptography and Coding (Cirencester, 1997), Lecture Notes in Comput. Sci., Springer, Berlin, 1355 (1997), 131-142.
doi: 10.1007/BFb0024458. |
[16] |
N. Howgrave-Graham,
Approximate integer common divisors, Cryptography and Lattices (Providence, RI, 2001), Lecture Notes in Comput. Sci., Springer, Berlin, 2146 (2001), 51-66.
doi: 10.1007/3-540-44670-2_6. |
[17] |
A. Joux, Algorithmic Cryptanalysis, Chapman & Hall/CRC Cryptography and Network Security, CRC Press, Boca Raton, FL, 2009.
doi: 10.1201/9781420070033. |
[18] |
S. Kumar and C. Narasimham, Cryptanalysis of RSA with small prime difference using unravelled linearization, International Journal of Computer Applications, 61 (2013). Google Scholar |
[19] |
A. K. Lenstra, H. W. Lenstra and L. Lovász,
Factoring polynomials with rational coefficients, Mathematische Annalen, 261 (1982), 515-534.
doi: 10.1007/BF01457454. |
[20] |
Y. Lu, L. Q. Peng, R. Zhang, L. Hu and D. D. Lin,
Towards optimal bounds for implicit factorization problem, Selected Areas in Cryptography - SAC 2015, Lecture Notes in Comput. Sci., Springer, [Cham], 9566 (2016), 462-476.
doi: 10.1007/978-3-319-31301-6_26. |
[21] |
Y. Lu, R. Zhang and D. Lin,
Improved bounds for the implicit factorization problem, Advances in Mathematics of Communications, 7 (2013), 243-251.
doi: 10.3934/amc.2013.7.243. |
[22] |
Y. Lu, R. Zhang, L. Q. Peng and D. D. Lin,
Solving linear equations modulo unknown divisors: Revisited, Advances in Cryptology - ASIACRYPT 2015. Part Ⅰ, Lecture Notes in Comput. Sci., Springer, Heidelberg, 9452 (2015), 189-213.
doi: 10.1007/978-3-662-48797-6_9. |
[23] |
A. May, New RSA Vulnerabilities Using Lattice Reduction Methods, Dissertation for Ph.D. Degree, University of Paderborn, 2003. Google Scholar |
[24] |
A. May,
Computing the RSA secret key is deterministic polynomial time equivalent to factoring, Advances in Cryptology - CRYPTO 2004, Lecture Notes in Comput. Sci., Springer, Berlin, 3152 (2004), 213-219.
doi: 10.1007/978-3-540-28628-8_13. |
[25] |
A. May and M. Ritzenhofen,
Implicit factoring: On polynomial time factoring given only an implicit hint, Public Key Cryptography - PKC 2009, Lecture Notes in Comput. Sci., Springer, Berlin, 5443 (2009), 1-14.
doi: 10.1007/978-3-642-00468-1_1. |
[26] | C. D. Meyer, Matrix Analysis and Applied Linear Algebra, Cambridge University Press, Cambridge, 2000. Google Scholar |
[27] |
H. Minkowski, Geometrie der Zahlen, Bibliotheca Mathematica Teubneriana, Band 40 Johnson Reprint Corp., New York-London, 1968. |
[28] |
A. Nitaj and M. R. K. Ariffin,
Implicit factorization of unbalanced RSA moduli, Journal of Applied Mathematics and Computing, 48 (2015), 349-363.
doi: 10.1007/s12190-014-0806-1. |
[29] |
A. Nitaj,
A new attack on RSA and CRT-RSA, Progress in Cryptology-AFRICACRYPT 2012, Lecture Notes in Comput. Sci., Springer, Heidelberg, 7374 (2012), 221-233.
doi: 10.1007/978-3-642-31410-0_14. |
[30] |
L. Peng, L. Hu, Z. Huang and et al., Partial prime factor exposure attacks on RSA and its Takagi's variant, International Conference on Information Security Practice and Experience-ISPEC 2015, Springer International Publishing, (2015), 96–108. Google Scholar |
[31] |
L. Peng, L. Hu, Y. Lu and et al., Implicit factorization of RSA moduli revisited (short paper), International Workshop on Security-IWSEC 2015, Springer International Publishing, (2015), 67–76. Google Scholar |
[32] |
L. Q. Peng, L. Hu, J. Xu, Z. J. Huang and Y. H. Xie,
Further improvement of factoring RSA moduli with implicit hint, Progress in Cryptology - AFRICACRYPT 2014, Lecture Notes in Comput. Sci., Springer, Cham, 8469 (2014), 165-177.
doi: 10.1007/978-3-319-06734-6_11. |
[33] |
R. L. Rivest, A. Shamir and L. Adleman,
A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, 21 (1978), 120-126.
doi: 10.1145/359340.359342. |
[34] |
S. Sarkar,
Partial key exposure: Generalized framework to attack RSA, Progress in Cryptology - INDOCRYPT 2011, Lecture Notes in Comput. Sci., Springer, Heidelberg, 7107 (2011), 76-92.
doi: 10.1007/978-3-642-25578-6_7. |
[35] |
S. Sarkar, S. Sen Gupta and S. Maitra,
Partial key exposure attack on RSA - improvements for limited lattice dimensions, Progress in Cryptology - INDOCRYPT 2010, Lecture Notes in Comput. Sci., Springer, Berlin, 6498 (2010), 2-16.
doi: 10.1007/978-3-642-17401-8_2. |
[36] |
S. Sarkar and S. Maitra,
Improved partial key exposure attacks on RSA by guessing a few bits of one of the prime factors, Information Security and Cryptology - ICISC 2008, Lecture Notes in Comput. Sci., Springer, Berlin, 5461 (2009), 37-51.
doi: 10.1007/978-3-642-00730-9_3. |
[37] |
S. Sarkar and S. Maitra,
Approximate integer common divisor problem relates to implicit factorization, IEEE Transactions on Information Theory, 57 (2011), 4002-4013.
doi: 10.1109/TIT.2011.2137270. |
[38] |
A. Takayasu and N. Kunihiro,
Partial key exposure attacks on RSA: Achieving the Boneh-Durfee bound, Selected Areas in Cryptography - SAC 2014, Lecture Notes in Comput. Sci., Springer, Cham, 8781 (2014), 345-362.
doi: 10.1007/978-3-319-13051-4_21. |
[39] |
S. Wang, L. Qu, C. Li and et al., Generalized framework to attack RSA with special exposed bits of the private key, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 100 (2017), 2113-2122. Google Scholar |
[40] |
M. J. Wiener,
Cryptanalysis of short RSA secret exponents, IEEE Transactions on Information Theory, 36 (1990), 553-558.
doi: 10.1109/18.54902. |
show all references
References:
[1] |
Y. Aono, A new lattice construction for partial key exposure attack for RSA, Public Key Cryptography-PKC 2009, Springer Berlin Heidelberg, (2009), 34–53. Google Scholar |
[2] |
J. Blömer and A. May,
New partial key exposure attacks on RSA, Advances in Cryptology - CRYPTO 2003, Lecture Notes in Comput. Sci., Springer, Berlin, 2729 (2003), 27-43.
doi: 10.1007/978-3-540-45146-4_2. |
[3] |
D. Boneh and G. Durfee,
Cryptanalysis of RSA with private key $d$ less than $N^{0.292}$, Advances in Cryptology - EUROCRYPT '99 (Prague), Lecture Notes in Comput. Sci. Springer, Berlin, 1592 (1999), 1-11.
doi: 10.1007/3-540-48910-X_1. |
[4] |
D. Boneh, G. Durfee and Y. Frankel,
An attack on RSA given a small fraction of the private key bits, Advances in Cryptology - ASIACRYPT'98 (Beijing), Lecture Notes in Comput. Sci., Springer, Berlin, 1514 (1998), 25-34.
doi: 10.1007/3-540-49649-1_3. |
[5] |
D. Coppersmith,
Finding a small root of a univariate modular equation, Advances in Cryptology - EUROCRYPT '96 (Saragossa, 1996), Lecture Notes in Comput. Sci., Springer, Berlin, 1070 (1996), 155-165.
doi: 10.1007/3-540-68339-9_14. |
[6] |
D. Coppersmith,
Finding a small root of a bivariate integer equation, factoring with high bits known, Advances in Cryptology - EUROCRYPT '96 (Saragossa, 1996), Lecture Notes in Comput. Sci., Springer, Berlin, 1070 (1996), 178-189.
doi: 10.1007/3-540-68339-9_16. |
[7] |
D. Coppersmith,
Small solutions to polynomial equations, and low exponent RSA vulnerabilities, Journal of Cryptology, 10 (1997), 233-260.
doi: 10.1007/s001459900030. |
[8] |
J.-S. Coron,
Finding small roots of bivariate integer polynomial equations revisited, Advances in Cryptology - EUROCRYPT 2004, Lecture Notes in Comput. Sci., Springer, Berlin, 3027 (2004), 492-505.
doi: 10.1007/978-3-540-24676-3_29. |
[9] |
J.-S. Coron and A. May,
Deterministic polynomial-time equivalence of computing the RSA secret key and factoring, Journal of Cryptology, 20 (2007), 39-50.
doi: 10.1007/s00145-006-0433-6. |
[10] |
B. De Weger,
Cryptanalysis of RSA with small prime difference, Appl. Algebra Engrg. Comm. Comput., 13 (2002), 17-28.
doi: 10.1007/s002000100088. |
[11] |
M. Ernst, E. Jochemsz, A. May and B. de Weger,
Partial key exposure attacks on RSA up to full size exponents, Advances in Cryptology - EUROCRYPT 2005, Lecture Notes in Comput. Sci., Springer, Berlin, 3494 (2005), 371-386.
doi: 10.1007/11426639_22. |
[12] |
J. C. Faugère, R. Marinier and G. Renault,
Implicit factoring with shared most significant and middle bits, Public Key Cryptography - PKC 2010, Lecture Notes in Comput. Sci., Springer, Berlin, 6056 (2010), 70-87.
doi: 10.1007/978-3-642-13013-7_5. |
[13] |
G. H. Hardy and E. M. Wright, An Introduction to the Theory of Numbers, Fifth edition, The Clarendon Press, Oxford University Press, New York, 1979. |
[14] |
M. Herrmann and A. May,
Maximizing small root bounds by linearization and applications to small secret exponent RSA, Public Key Cryptography - PKC 2010, Lecture Notes in Comput. Sci., Springer, Berlin, 6056 (2010), 53-69.
doi: 10.1007/978-3-642-13013-7_4. |
[15] |
N. Howgrave-Graham,
Finding small roots of univariate modular equations revisited, Cryptography and Coding (Cirencester, 1997), Lecture Notes in Comput. Sci., Springer, Berlin, 1355 (1997), 131-142.
doi: 10.1007/BFb0024458. |
[16] |
N. Howgrave-Graham,
Approximate integer common divisors, Cryptography and Lattices (Providence, RI, 2001), Lecture Notes in Comput. Sci., Springer, Berlin, 2146 (2001), 51-66.
doi: 10.1007/3-540-44670-2_6. |
[17] |
A. Joux, Algorithmic Cryptanalysis, Chapman & Hall/CRC Cryptography and Network Security, CRC Press, Boca Raton, FL, 2009.
doi: 10.1201/9781420070033. |
[18] |
S. Kumar and C. Narasimham, Cryptanalysis of RSA with small prime difference using unravelled linearization, International Journal of Computer Applications, 61 (2013). Google Scholar |
[19] |
A. K. Lenstra, H. W. Lenstra and L. Lovász,
Factoring polynomials with rational coefficients, Mathematische Annalen, 261 (1982), 515-534.
doi: 10.1007/BF01457454. |
[20] |
Y. Lu, L. Q. Peng, R. Zhang, L. Hu and D. D. Lin,
Towards optimal bounds for implicit factorization problem, Selected Areas in Cryptography - SAC 2015, Lecture Notes in Comput. Sci., Springer, [Cham], 9566 (2016), 462-476.
doi: 10.1007/978-3-319-31301-6_26. |
[21] |
Y. Lu, R. Zhang and D. Lin,
Improved bounds for the implicit factorization problem, Advances in Mathematics of Communications, 7 (2013), 243-251.
doi: 10.3934/amc.2013.7.243. |
[22] |
Y. Lu, R. Zhang, L. Q. Peng and D. D. Lin,
Solving linear equations modulo unknown divisors: Revisited, Advances in Cryptology - ASIACRYPT 2015. Part Ⅰ, Lecture Notes in Comput. Sci., Springer, Heidelberg, 9452 (2015), 189-213.
doi: 10.1007/978-3-662-48797-6_9. |
[23] |
A. May, New RSA Vulnerabilities Using Lattice Reduction Methods, Dissertation for Ph.D. Degree, University of Paderborn, 2003. Google Scholar |
[24] |
A. May,
Computing the RSA secret key is deterministic polynomial time equivalent to factoring, Advances in Cryptology - CRYPTO 2004, Lecture Notes in Comput. Sci., Springer, Berlin, 3152 (2004), 213-219.
doi: 10.1007/978-3-540-28628-8_13. |
[25] |
A. May and M. Ritzenhofen,
Implicit factoring: On polynomial time factoring given only an implicit hint, Public Key Cryptography - PKC 2009, Lecture Notes in Comput. Sci., Springer, Berlin, 5443 (2009), 1-14.
doi: 10.1007/978-3-642-00468-1_1. |
[26] | C. D. Meyer, Matrix Analysis and Applied Linear Algebra, Cambridge University Press, Cambridge, 2000. Google Scholar |
[27] |
H. Minkowski, Geometrie der Zahlen, Bibliotheca Mathematica Teubneriana, Band 40 Johnson Reprint Corp., New York-London, 1968. |
[28] |
A. Nitaj and M. R. K. Ariffin,
Implicit factorization of unbalanced RSA moduli, Journal of Applied Mathematics and Computing, 48 (2015), 349-363.
doi: 10.1007/s12190-014-0806-1. |
[29] |
A. Nitaj,
A new attack on RSA and CRT-RSA, Progress in Cryptology-AFRICACRYPT 2012, Lecture Notes in Comput. Sci., Springer, Heidelberg, 7374 (2012), 221-233.
doi: 10.1007/978-3-642-31410-0_14. |
[30] |
L. Peng, L. Hu, Z. Huang and et al., Partial prime factor exposure attacks on RSA and its Takagi's variant, International Conference on Information Security Practice and Experience-ISPEC 2015, Springer International Publishing, (2015), 96–108. Google Scholar |
[31] |
L. Peng, L. Hu, Y. Lu and et al., Implicit factorization of RSA moduli revisited (short paper), International Workshop on Security-IWSEC 2015, Springer International Publishing, (2015), 67–76. Google Scholar |
[32] |
L. Q. Peng, L. Hu, J. Xu, Z. J. Huang and Y. H. Xie,
Further improvement of factoring RSA moduli with implicit hint, Progress in Cryptology - AFRICACRYPT 2014, Lecture Notes in Comput. Sci., Springer, Cham, 8469 (2014), 165-177.
doi: 10.1007/978-3-319-06734-6_11. |
[33] |
R. L. Rivest, A. Shamir and L. Adleman,
A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, 21 (1978), 120-126.
doi: 10.1145/359340.359342. |
[34] |
S. Sarkar,
Partial key exposure: Generalized framework to attack RSA, Progress in Cryptology - INDOCRYPT 2011, Lecture Notes in Comput. Sci., Springer, Heidelberg, 7107 (2011), 76-92.
doi: 10.1007/978-3-642-25578-6_7. |
[35] |
S. Sarkar, S. Sen Gupta and S. Maitra,
Partial key exposure attack on RSA - improvements for limited lattice dimensions, Progress in Cryptology - INDOCRYPT 2010, Lecture Notes in Comput. Sci., Springer, Berlin, 6498 (2010), 2-16.
doi: 10.1007/978-3-642-17401-8_2. |
[36] |
S. Sarkar and S. Maitra,
Improved partial key exposure attacks on RSA by guessing a few bits of one of the prime factors, Information Security and Cryptology - ICISC 2008, Lecture Notes in Comput. Sci., Springer, Berlin, 5461 (2009), 37-51.
doi: 10.1007/978-3-642-00730-9_3. |
[37] |
S. Sarkar and S. Maitra,
Approximate integer common divisor problem relates to implicit factorization, IEEE Transactions on Information Theory, 57 (2011), 4002-4013.
doi: 10.1109/TIT.2011.2137270. |
[38] |
A. Takayasu and N. Kunihiro,
Partial key exposure attacks on RSA: Achieving the Boneh-Durfee bound, Selected Areas in Cryptography - SAC 2014, Lecture Notes in Comput. Sci., Springer, Cham, 8781 (2014), 345-362.
doi: 10.1007/978-3-319-13051-4_21. |
[39] |
S. Wang, L. Qu, C. Li and et al., Generalized framework to attack RSA with special exposed bits of the private key, IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 100 (2017), 2113-2122. Google Scholar |
[40] |
M. J. Wiener,
Cryptanalysis of short RSA secret exponents, IEEE Transactions on Information Theory, 36 (1990), 553-558.
doi: 10.1109/18.54902. |


IFP with shared MSBs or LSBs | Generalized IFP with shared MSBs or LSBs | ||
(For |
(For any |
||
Results in [25] and [12]: | Results in [28]: | ||
Results in [20]: | Our results: |
IFP with shared MSBs or LSBs | Generalized IFP with shared MSBs or LSBs | ||
(For |
(For any |
||
Results in [25] and [12]: | Results in [28]: | ||
Results in [20]: | Our results: |
|
|||||||||
|
|||||||||
Result in [3,14]: | Result in [30]: | |
(No extra conditions) | ( |
|
Result in [39]: | Our result: | |
( |
( |
Result in [3,14]: | Result in [30]: | |
(No extra conditions) | ( |
|
Result in [39]: | Our result: | |
( |
( |
Case | Bit size | Time(LLL) | |||||||||
MSBs | 6.596 seconds | ||||||||||
MSBs | 7.649 seconds | ||||||||||
MSBs | 116.3 seconds | ||||||||||
LSBs | 27.73 seconds | ||||||||||
LSBs | 35.12 seconds | ||||||||||
LSBs | 88.97 seconds |
Case | Bit size | Time(LLL) | |||||||||
MSBs | 6.596 seconds | ||||||||||
MSBs | 7.649 seconds | ||||||||||
MSBs | 116.3 seconds | ||||||||||
LSBs | 27.73 seconds | ||||||||||
LSBs | 35.12 seconds | ||||||||||
LSBs | 88.97 seconds |
Case | Bit size | Time(LLL) | |||||||
MSBs | 23.14 seconds | ||||||||
MSBs | 48.51 seconds | ||||||||
MSBs | 102.1 seconds | ||||||||
LSBs | 756.2 seconds | ||||||||
LSBs | 65.23 seconds | ||||||||
LSBs | 117.4 seconds |
Case | Bit size | Time(LLL) | |||||||
MSBs | 23.14 seconds | ||||||||
MSBs | 48.51 seconds | ||||||||
MSBs | 102.1 seconds | ||||||||
LSBs | 756.2 seconds | ||||||||
LSBs | 65.23 seconds | ||||||||
LSBs | 117.4 seconds |
Bit size | Time(LLL) | |||||||
40.83 seconds | ||||||||
36.50 seconds | ||||||||
1282 seconds | ||||||||
680.9 seconds | ||||||||
238.9 seconds | ||||||||
225.9 seconds |
Bit size | Time(LLL) | |||||||
40.83 seconds | ||||||||
36.50 seconds | ||||||||
1282 seconds | ||||||||
680.9 seconds | ||||||||
238.9 seconds | ||||||||
225.9 seconds |
[1] |
Henry Cohn, Nadia Heninger. Ideal forms of Coppersmith's theorem and Guruswami-Sudan list decoding. Advances in Mathematics of Communications, 2015, 9 (3) : 311-339. doi: 10.3934/amc.2015.9.311 |
[2] |
Joan-Josep Climent, Elisa Gorla, Joachim Rosenthal. Cryptanalysis of the CFVZ cryptosystem. Advances in Mathematics of Communications, 2007, 1 (1) : 1-11. doi: 10.3934/amc.2007.1.1 |
[3] |
Christoforidou Amalia, Christian-Oliver Ewald. A lattice method for option evaluation with regime-switching asset correlation structure. Journal of Industrial & Management Optimization, 2021, 17 (4) : 1729-1752. doi: 10.3934/jimo.2020042 |
[4] |
Michele Barbi, Angelo Di Garbo, Rita Balocchi. Improved integrate-and-fire model for RSA. Mathematical Biosciences & Engineering, 2007, 4 (4) : 609-615. doi: 10.3934/mbe.2007.4.609 |
[5] |
Giacomo Micheli. Cryptanalysis of a noncommutative key exchange protocol. Advances in Mathematics of Communications, 2015, 9 (2) : 247-253. doi: 10.3934/amc.2015.9.247 |
[6] |
Matthias Eller. A remark on Littman's method of boundary controllability. Evolution Equations & Control Theory, 2013, 2 (4) : 621-630. doi: 10.3934/eect.2013.2.621 |
[7] |
Christopher M. Kellett. Classical converse theorems in Lyapunov's second method. Discrete & Continuous Dynamical Systems - B, 2015, 20 (8) : 2333-2360. doi: 10.3934/dcdsb.2015.20.2333 |
[8] |
Mikhail Dokuchaev, Guanglu Zhou, Song Wang. A modification of Galerkin's method for option pricing. Journal of Industrial & Management Optimization, 2021 doi: 10.3934/jimo.2021077 |
[9] |
Lars Grüne, Peter E. Kloeden, Stefan Siegmund, Fabian R. Wirth. Lyapunov's second method for nonautonomous differential equations. Discrete & Continuous Dynamical Systems, 2007, 18 (2&3) : 375-403. doi: 10.3934/dcds.2007.18.375 |
[10] |
Darya V. Verveyko, Andrey Yu. Verisokin. Application of He's method to the modified Rayleigh equation. Conference Publications, 2011, 2011 (Special) : 1423-1431. doi: 10.3934/proc.2011.2011.1423 |
[11] |
Christopher Bose, Rua Murray. The exact rate of approximation in Ulam's method. Discrete & Continuous Dynamical Systems, 2001, 7 (1) : 219-235. doi: 10.3934/dcds.2001.7.219 |
[12] |
Bernd Hofmann, Barbara Kaltenbacher, Elena Resmerita. Lavrentiev's regularization method in Hilbert spaces revisited. Inverse Problems & Imaging, 2016, 10 (3) : 741-764. doi: 10.3934/ipi.2016019 |
[13] |
Pavel Eichler, Radek Fučík, Robert Straka. Computational study of immersed boundary - lattice Boltzmann method for fluid-structure interaction. Discrete & Continuous Dynamical Systems - S, 2021, 14 (3) : 819-833. doi: 10.3934/dcdss.2020349 |
[14] |
Zhonghua Qiao, Xuguang Yang. A multiple-relaxation-time lattice Boltzmann method with Beam-Warming scheme for a coupled chemotaxis-fluid model. Electronic Research Archive, 2020, 28 (3) : 1207-1225. doi: 10.3934/era.2020066 |
[15] |
Subhabrata Samajder, Palash Sarkar. Another look at success probability of linear cryptanalysis. Advances in Mathematics of Communications, 2019, 13 (4) : 645-688. doi: 10.3934/amc.2019040 |
[16] |
Rua Murray. Ulam's method for some non-uniformly expanding maps. Discrete & Continuous Dynamical Systems, 2010, 26 (3) : 1007-1018. doi: 10.3934/dcds.2010.26.1007 |
[17] |
David Blázquez-Sanz, Juan J. Morales-Ruiz. Lie's reduction method and differential Galois theory in the complex analytic context. Discrete & Continuous Dynamical Systems, 2012, 32 (2) : 353-379. doi: 10.3934/dcds.2012.32.353 |
[18] |
Jiangxing Wang. Convergence analysis of an accurate and efficient method for nonlinear Maxwell's equations. Discrete & Continuous Dynamical Systems - B, 2021, 26 (5) : 2429-2440. doi: 10.3934/dcdsb.2020185 |
[19] |
R. Baier, M. Dellnitz, M. Hessel-von Molo, S. Sertl, I. G. Kevrekidis. The computation of convex invariant sets via Newton's method. Journal of Computational Dynamics, 2014, 1 (1) : 39-69. doi: 10.3934/jcd.2014.1.39 |
[20] |
Jutta Bikowski, Jennifer L. Mueller. 2D EIT reconstructions using Calderon's method. Inverse Problems & Imaging, 2008, 2 (1) : 43-61. doi: 10.3934/ipi.2008.2.43 |
2019 Impact Factor: 0.734
Tools
Article outline
Figures and Tables
[Back to Top]