Rounding and Chaining LLL: Finding Faster Small Roots of Univariate Polynomial Congruences

Jingguo Bi 1, 2 Jean-Sébastien Coron 3 Jean-Charles Faugère 4 Phong Q. Nguyen 1, 2 Guénaël Renault 4 Rina Zeitoun 4, 5
1 Institute for Advanced Study [Tsinghua]
2 CRYPT - Cryptanalyse
LIAMA - Laboratoire Franco-Chinois d'Informatique, d'Automatique et de Mathématiques Appliquées, Inria Paris-Rocquencourt
3 Uni.lu - Université du Luxembourg
4 PolSys - Polynomial Systems
LIP6 - Laboratoire d'Informatique de Paris 6, Inria Paris-Rocquencourt
5 Oberthur Card Systems - Puteaux
Abstract : In a seminal work at EUROCRYPT '96, Coppersmith showed how to find all small roots of a univariate polynomial congruence in polynomial time: this has found many applications in public-key cryptanalysis and in a few security proofs. However, the running time of the algorithm is a high-degree polynomial, which limits experiments: the bottleneck is an LLL reduction of a high-dimensional matrix with extra-large coefficients. We present in this paper the first significant speedups over Coppersmith's algorithm. The first speedup is based on a special property of the matrices used by Coppersmith's algorithm, which allows us to provably speed up the LLL reduction by rounding, and which can also be used to improve the complexity analysis of Coppersmith's original algorithm. The exact speedup depends on the LLL algorithm used: for instance, the speedup is asymptotically quadratic in the bit-size of the small-root bound if one uses the Nguyen-Stehlé L2 algorithm. The second speedup is heuristic and applies whenever one wants to enlarge the root size of Coppersmith's algorithm by exhaustive search. Instead of performing several LLL reductions independently, we exploit hidden relationships between these matrices so that the LLL reductions can be somewhat chained to decrease the global running time. When both speedups are combined, the new algorithm is in practice hundreds of times faster for typical parameters.
Keywords : RSA LLL Small Roots of Polynomial Equations Coppersmith's Algorithm
Document type :
Conference papers
Liste complète des métadonnées

Cited literature [20 references]  Display  Hide  Download
https://hal.inria.fr/hal-00926902
Contributor : Guénaël Renault <>
Submitted on : Friday, January 10, 2014 - 2:28:31 PM
Last modification on : Thursday, April 11, 2019 - 2:34:03 PM
Document(s) archivé(s) le : Thursday, April 10, 2014 - 11:30:08 PM

File

PKC14_Copp.pdf
Files produced by the author(s)

Identifiers

Collections

INRIA | LIAMA | LIP6 | UPMC | CIRAD | INRA | INRIA-ROCQ | SORBONNE-UNIVERSITE | SU-SCIENCES

Citation

Jingguo Bi, Jean-Sébastien Coron, Jean-Charles Faugère, Phong Q. Nguyen, Guénaël Renault, et al.. Rounding and Chaining LLL: Finding Faster Small Roots of Univariate Polynomial Congruences. PKC 2014 - 17th IACR International Conference on Practice and Theory of Public-Key Cryptography, Mar 2014, Buenos Aires, Argentina. pp.185-202, ⟨10.1007/978-3-642-54631-0_11⟩. ⟨hal-00926902⟩

Export

BibTeX TEI DC DCterms EndNote

Share

Metrics

Record views

846

Files downloads

399

Contact


archive-ouverte@inria.fr