easing coppersmith methods using analytic combinatorics
play

Easing Coppersmith Methods using Analytic Combinatorics: - PowerPoint PPT Presentation

Jul 24, 2023 •132 likes •797 views

Easing Coppersmith Methods using Analytic Combinatorics: Applications to Public-Key Cryptography with Weak Pseudorandomness Fabrice Benhamouda , Cline Chevalier, Adrian Thillard, and Damien Vergnaud cole normale suprieure, CNRS, INRIA,

  1. Easing Coppersmith Methods using Analytic Combinatorics: Applications to Public-Key Cryptography with Weak Pseudorandomness Fabrice Benhamouda , Céline Chevalier, Adrian Thillard, and Damien Vergnaud École normale supérieure, CNRS, INRIA, PSL, Université Panthéon-Assas, ANSSI, Paris, France R E S E A R C H U N I V E R S I T Y PKC 2016, Taipei, Taiwan

  2. Introduction Analytic Combinatorics Application Coppersmith Methods Quick History Introduced by Coppersmith in 1996 to find: small roots of univariate modular polynomials [Cop96b]; small roots of bivariate polynomials [Cop96a]; Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 2 / 18

  3. Introduction Analytic Combinatorics Application Coppersmith Methods Quick History Introduced by Coppersmith in 1996 to find: small roots of univariate modular polynomials [Cop96b]; e.g., decrypt RSA with known plaintext MSB β : ( 2 k · β + x ) e mod N = c with | x | ≤ 2 k small roots of bivariate polynomials [Cop96a]; Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 2 / 18

  4. Introduction Analytic Combinatorics Application Coppersmith Methods Quick History Introduced by Coppersmith in 1996 to find: small roots of univariate modular polynomials [Cop96b]; e.g., decrypt RSA with known plaintext MSB β : ( 2 k · β + x ) e mod N = c with | x | ≤ 2 k extension of small plaintext: x e mod N = c ; small roots of bivariate polynomials [Cop96a]; Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 2 / 18

  5. Introduction Analytic Combinatorics Application Coppersmith Methods Quick History Introduced by Coppersmith in 1996 to find: small roots of univariate modular polynomials [Cop96b]; e.g., decrypt RSA with known plaintext MSB β : ( 2 k · β + x ) e mod N = c with | x | ≤ 2 k extension of small plaintext: x e mod N = c ; small roots of bivariate polynomials [Cop96a]; e.g., factorizing with known primes MSB: ( 2 k · α + x ) · ( 2 k · β + y ) = N with | x | , | y | ≤ 2 k Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 2 / 18

  6. Introduction Analytic Combinatorics Application Coppersmith Methods Quick History Introduced by Coppersmith in 1996 to find: small roots of univariate modular polynomials [Cop96b]; e.g., decrypt RSA with known plaintext MSB β : ( 2 k · β + x ) e mod N = c with | x | ≤ 2 k extension of small plaintext: x e mod N = c ; small roots of bivariate polynomials [Cop96a]; e.g., factorizing with known primes MSB: ( 2 k · α + x ) · ( 2 k · β + y ) = N with | x | , | y | ≤ 2 k Further extensions: more variables [HG97, BM05, JM06]; multiple polynomials and moduli [MR08, MR09, Rit10]. Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 2 / 18

  7. Introduction Analytic Combinatorics Application Coppersmith Methods Quick History Introduced by Coppersmith in 1996 to find: small roots of univariate modular polynomials [Cop96b]; e.g., decrypt RSA with known plaintext MSB β : ( 2 k · β + x ) e mod N = c with | x | ≤ 2 k extension of small plaintext: x e mod N = c ; small roots of bivariate polynomials [Cop96a]; e.g., factorizing with known primes MSB: ( 2 k · α + x ) · ( 2 k · β + y ) = N with | x | , | y | ≤ 2 k Further extensions: more variables [HG97, BM05, JM06]; multiple polynomials and moduli [MR08, MR09][Rit10]. Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 2 / 18

  8. Introduction Analytic Combinatorics Application Coppersmith Methods Goal Solve:  f 1 ( x 1 , . . . , x n ) = 0 mod N 1   .  . .   f s ( x 1 , . . . , x n ) = 0 mod N s  with | x 1 | ≤ X 1 | x n | ≤ X n . . . Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 3 / 18

  9. Introduction Analytic Combinatorics Application Coppersmith Methods Goal Solve:  f 1 ( x 1 , . . . , x n ) = 0 mod N 1   .  . .   f s ( x 1 , . . . , x n ) = 0 mod N s  with | x 1 | ≤ X 1 | x n | ≤ X n . . . Question: which bounds X 1 , . . . , X n work? Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 3 / 18

  10. Introduction Analytic Combinatorics Application Coppersmith Methods Overview 1 Construction of polynomials ˜ f i , j such that: mod N k i , j ˜ f i , j ( x 1 , . . . , x n ) = 0 i for any original solution ( x 1 , . . . , x n ) . Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 4 / 18

  11. Introduction Analytic Combinatorics Application Coppersmith Methods Overview 1 Construction of polynomials ˜ f i , j such that: mod N k i , j ˜ f i , j ( x 1 , . . . , x n ) = 0 i for any original solution ( x 1 , . . . , x n ) . 2 Use LLL to find an integer system:  g 1 ( x 1 , . . . , x n ) = 0   .  . .   g n ( x 1 , . . . , x n ) = 0  such that: any original solution is satisfied; 1 it has only a finite number of solutions. 2 Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 4 / 18

  12. Introduction Analytic Combinatorics Application Coppersmith Methods Overview 1 Construction of polynomials ˜ f i , j such that: mod N k i , j ˜ f i , j ( x 1 , . . . , x n ) = 0 i for any original solution ( x 1 , . . . , x n ) . 2 Use LLL to find an integer system:  g 1 ( x 1 , . . . , x n ) = 0   .  . .   g n ( x 1 , . . . , x n ) = 0  such that: any original solution is satisfied; 1 it has only a finite number of solutions. 2 3 Solve the system (using Groebner basis). Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 4 / 18

  13. Introduction Analytic Combinatorics Application Coppersmith Methods Condition and Combinatorics Success condition = combinatorial condition on the number of polynomials ˜ f i , j the number of monomials in ˜ f i , j the moduli N k i , j i the bounds X i Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 5 / 18

  14. Introduction Analytic Combinatorics Application Coppersmith Methods Condition and Combinatorics Success condition = combinatorial condition on the number of polynomials ˜ f i , j the number of monomials in ˜ f i , j the moduli N k i , j i the bounds X i Complexity: idem Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 5 / 18

  15. Introduction Analytic Combinatorics Application Coppersmith Methods Condition and Combinatorics Success condition = combinatorial condition on the number of polynomials ˜ f i , j the number of monomials in ˜ f i , j the moduli N k i , j i the bounds X i Complexity: idem Difficult to compute when s and n non-constant Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 5 / 18

  16. Introduction Analytic Combinatorics Application Coppersmith Methods Condition and Combinatorics Success condition = combinatorial condition on the number of polynomials ˜ f i , j the number of monomials in ˜ f i , j the moduli N k i , j i the bounds X i Complexity: idem Difficult to compute when s and n non-constant Our solution Use analytic combinatorics! Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 5 / 18

  17. Introduction Analytic Combinatorics Application Pseudorandom Generator (PRG) v 0 Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 6 / 18

  18. Introduction Analytic Combinatorics Application Pseudorandom Generator (PRG) v 0 w 0 Output Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 6 / 18

  19. Introduction Analytic Combinatorics Application Pseudorandom Generator (PRG) v 0 w 0 Output Update Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 6 / 18

  20. Introduction Analytic Combinatorics Application Pseudorandom Generator (PRG) v 0 w 0 Output Update v 1 Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 6 / 18

  21. Introduction Analytic Combinatorics Application Pseudorandom Generator (PRG) v 0 w 0 Output Update v 1 w 1 Output Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 6 / 18

  22. Introduction Analytic Combinatorics Application Pseudorandom Generator (PRG) v 0 w 0 Output Update v 1 w 1 Output Update Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 6 / 18

  23. Introduction Analytic Combinatorics Application Pseudorandom Generator (PRG) v 0 w 0 Output Update v 1 w 1 Output Update v 2 Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 6 / 18

  24. Introduction Analytic Combinatorics Application Pseudorandom Generator (PRG) v 0 w 0 Output Update v 1 w 1 Output Update v 2 w 2 Output Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 6 / 18

  25. Introduction Analytic Combinatorics Application Pseudorandom Generator (PRG) v 0 w 0 Output Update v 1 w 1 Output Update v 2 w 2 Output . . . Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 6 / 18

  26. Introduction Analytic Combinatorics Application Pseudorandom Generator (PRG) v 0 w 0 Output ≈ $ Update v 1 w 1 Output ≈ $ Update v 2 w 2 Output ≈ $ . . . Fabrice Benhamouda (ENS) Coppersmith and Analytic Combinatorics PKC 2016 6 / 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

5. Analytic Combinatorics http://aofa.cs.princeton.edu Analytic combinatorics is a calculus for

5. Analytic Combinatorics http://aofa.cs.princeton.edu Analytic combinatorics is a calculus for

A N A L Y T I C C O M B I N A T O R I C S P A R T O N E 5. Analytic Combinatorics http://aofa.cs.princeton.edu Analytic combinatorics is a calculus for the quantitative study of large combinatorial structures. Features : Analysis begins

1.26k views • 64 slides
A . Symbolic Methods Philippe Flajolet, INRIA, Rocquencourt http://algo.inria.fr/flajolet ., 2007

A . Symbolic Methods Philippe Flajolet, INRIA, Rocquencourt http://algo.inria.fr/flajolet ., 2007

Santiago de Chile DEC 2006 SINGULAR COMBINATORICS A . Symbolic Methods Philippe Flajolet, INRIA, Rocquencourt http://algo.inria.fr/flajolet ., 2007 + . Based on Analytic Combinatorics , Flajolet & Sedgewick, C.U.P 1 ANALYTIC COMBINATORICS

1.02k views • 100 slides
Analytic Combinatorics A Calculus of Discrete Structures Philippe Flajolet INRIA

Analytic Combinatorics A Calculus of Discrete Structures Philippe Flajolet INRIA

Part A. SYMBOLIC METHODS Part B. Complex asymptotics Part C. Distributions Part D. Frontiers Analytic Combinatorics A Calculus of Discrete Structures Philippe Flajolet INRIA Rocquencourt, France SODA07 , New Orleans, January 2007 1 / 38

851 views • 38 slides
Analytic Combinatorics in Several Variables Robin Pemantle and Mark Wilson A of A conference, 30

Analytic Combinatorics in Several Variables Robin Pemantle and Mark Wilson A of A conference, 30

Analytic Combinatorics in Several Variables Robin Pemantle and Mark Wilson A of A conference, 30 May, 2013 Pemantle Analytic Combinatorics in Several Variables About the book Pemantle Analytic Combinatorics in Several Variables Pemantle

1.23k views • 89 slides
Lets do some Computer Algebra and Combinatorics! SYMBOLIC-NUMERIC TOOLS FOR ANALYTIC

Lets do some Computer Algebra and Combinatorics! SYMBOLIC-NUMERIC TOOLS FOR ANALYTIC

SYMBOLIC-NUMERIC TOOLS FOR ANALYTIC COMBINATORICS IN SEVERAL VARIABLES Stephen Melczer ENS Lyon / Inria & University of Waterloo Joint work with Bruno Salvy Lets do some Computer Algebra and Combinatorics! SYMBOLIC-NUMERIC TOOLS

489 views • 38 slides
7. Applications of Singularity Analysis http://ac.cs.princeton.edu Analytic combinatorics

7. Applications of Singularity Analysis http://ac.cs.princeton.edu Analytic combinatorics

A N A L Y T I C C O M B I N A T O R I C S P A R T T W O 7. Applications of Singularity Analysis http://ac.cs.princeton.edu Analytic combinatorics overview specification A. SYMBOLIC METHOD 1. OGFs 2. EGFs GF equation 3. MGFs

725 views • 59 slides
Plan for second half of the course Lectures from Analytic Combinatorics One or two lectures,

Plan for second half of the course Lectures from Analytic Combinatorics One or two lectures,

Plan for second half of the course Lectures from Analytic Combinatorics One or two lectures, posted weekly. Emphasis on lectures, with reference to the book. More creative exercises May require code. (Slightly) more emphasis on

247 views • 11 slides
On (un)-balanced Plya urns: Analytic Combinatorics strikes again Basile Morcrette May, 30

On (un)-balanced Plya urns: Analytic Combinatorics strikes again Basile Morcrette May, 30

On (un)-balanced Plya urns: Analytic Combinatorics strikes again Basile Morcrette May, 30 AofA 2013, Spain Dedicated to Philippe Flajolet. 1/16 Knuths strings Start with m loops in a box. At each step, pick one at random, cut it and

779 views • 31 slides
Generating Function Computations in Probability and Combinatorics Robin Pemantle ICERM tutorial,

Generating Function Computations in Probability and Combinatorics Robin Pemantle ICERM tutorial,

Overview of generating functions and the base case Rate functions and methods of computational algebra Analytic methods for sharp asymptotics Generating Function Computations in Probability and Combinatorics Robin Pemantle ICERM tutorial,

1.99k views • 188 slides
Data Stream Analysis: a (new) triumph for Analytic Combinatorics Dedicated to the memory of

Data Stream Analysis: a (new) triumph for Analytic Combinatorics Dedicated to the memory of

Data Stream Analysis: a (new) triumph for Analytic Combinatorics Dedicated to the memory of Philippe Flajolet (1948-2011) Conrado Martnez Universitat Politcnica de Catalunya ALEA in Europe Workshop, Vienna (Austria) October 2017 Outline

1.67k views • 150 slides
Analytic combinatorics of chord and hyperchord diagrams with k crossings Vincent Pilaud Juanjo

Analytic combinatorics of chord and hyperchord diagrams with k crossings Vincent Pilaud Juanjo

Analytic combinatorics of chord and hyperchord diagrams with k crossings Vincent Pilaud Juanjo Ru CNRS & LIX, FU Berlin cole Polytechnique AofA14, Paris Planar chord configurations Structural properties The simplicial complex of

650 views • 32 slides
3. Combinatorial Parameters and MGFs http://ac.cs.princeton.edu Analytic combinatorics

3. Combinatorial Parameters and MGFs http://ac.cs.princeton.edu Analytic combinatorics

A N A L Y T I C C O M B I N A T O R I C S P A R T T W O 3. Combinatorial Parameters and MGFs http://ac.cs.princeton.edu Analytic combinatorics overview specification A. SYMBOLIC METHOD 1. OGFs 2. EGFs GF equation 3. MGFs SYMBOLIC

969 views • 64 slides
Plya Urns An analytic combinatorics approach Basile Morcrette Algorithms project, INRIA

Plya Urns An analytic combinatorics approach Basile Morcrette Algorithms project, INRIA

Plya Urns An analytic combinatorics approach Basile Morcrette Algorithms project, INRIA Rocquencourt. LIP6, UPMC CALIN Seminar 07/02/2012 1/35 Outline 1. Urn model 2. An exact approach boolean formulas 3. Singularity analysis family of

985 views • 63 slides
Analytic Combinatorics of the Mabinogion and OK-Corral Urns Philippe Flajolet Based on joint work

Analytic Combinatorics of the Mabinogion and OK-Corral Urns Philippe Flajolet Based on joint work

Urn models Ehrenfest and Mabinogion Friedman and OK-Corral Analytic Combinatorics of the Mabinogion and OK-Corral Urns Philippe Flajolet Based on joint work with Thierry Huillet and Vincent Puyhaubert ALEA08 , Maresias, Brazil, April 2008 1

315 views • 20 slides
Analytic Combinatorics of the Mabinogion and OK-Corral Urns Philippe Flajolet Based on joint work

Analytic Combinatorics of the Mabinogion and OK-Corral Urns Philippe Flajolet Based on joint work

Urn models Ehrenfest and Mabinogion Friedman and OK-Corral Analytic Combinatorics of the Mabinogion and OK-Corral Urns Philippe Flajolet Based on joint work with Thierry Huillet and Vincent Puyhaubert ALEA08 , Maresias, Brazil, April 2008 1

518 views • 27 slides
2. Labelled structures and EGFs http://ac.cs.princeton.edu Analytic combinatorics overview

2. Labelled structures and EGFs http://ac.cs.princeton.edu Analytic combinatorics overview

A N A L Y T I C C O M B I N A T O R I C S P A R T T W O 2. Labelled structures and EGFs http://ac.cs.princeton.edu Analytic combinatorics overview specification A. SYMBOLIC METHOD 1. OGFs 2. EGFs GF equation 3. MGFs SYMBOLIC

842 views • 81 slides
Strichartz estimates for the wave equation in convex domains Oana Ivanovici Gilles Lebeau

Strichartz estimates for the wave equation in convex domains Oana Ivanovici Gilles Lebeau

Strichartz estimates for the wave equation in convex domains Oana Ivanovici Gilles Lebeau Fabrice Planchon Laboratoire Jean-Alexandre Dieudonn e Universit e de Nice Sophia-Antipolis Monastir June 2013 The wave equation ( , g ) =

712 views • 21 slides
srrt s

srrt s

srrt s rs ss rt ts r r

740 views • 35 slides
Invariants for gapped ground state phases in dimensions one and higher 1 Bruno Nachtergaele (UC

Invariants for gapped ground state phases in dimensions one and higher 1 Bruno Nachtergaele (UC

1 ESI, September 12, 2014 Invariants for gapped ground state phases in dimensions one and higher 1 Bruno Nachtergaele (UC Davis) joint work with Sven Bachmann (LMU, Munich) 1 Based on work supported by the National Science Foundation

296 views • 29 slides
SLDG schemes for 1st and 2nd order PDEs Olivier Bokanowski Laboratory Jacques Louis Lions (Paris

SLDG schemes for 1st and 2nd order PDEs Olivier Bokanowski Laboratory Jacques Louis Lions (Paris

SLDG schemes for 1st and 2nd order PDEs Olivier Bokanowski Laboratory Jacques Louis Lions (Paris 6) University Paris-Diderot (Paris 7) Commands (INRIA Saclay / Ensta ParisTech) Joint work with G. Simarmata (Rabobank, Netherlands) HYP 2012,

1.04k views • 86 slides
fi fi Finnish Centre of Excellence in Inverse Problems Research Outline: Inverse

fi fi Finnish Centre of Excellence in Inverse Problems Research Outline: Inverse

Scattering in complex geometrical optics and the inverse problem for the conductivity equation Matti Lassas University of Helsinki In collaboration with Allan Greenleaf Matteo Santacesaria Samuli Siltanen Gunther Uhlmann fi fi Finnish

392 views • 37 slides
Iterative methods for Image Processing Lothar Reichel Como, May 2018. Lecture 2: Tikhonov

Iterative methods for Image Processing Lothar Reichel Como, May 2018. Lecture 2: Tikhonov

Iterative methods for Image Processing Lothar Reichel Como, May 2018. Lecture 2: Tikhonov regularization and truncated SVD for large-scale problems. Outline of Lecture 2: Small to moderately-sized problems Tikhonov regularization in

1.04k views • 77 slides
Starting Practice Jolie Chang, MD Assistant Professor Department of Otolaryngology, Head and

Starting Practice Jolie Chang, MD Assistant Professor Department of Otolaryngology, Head and

11/6/2014 Disclosures None Starting Practice Jolie Chang, MD Assistant Professor Department of Otolaryngology, Head and Neck Surgery University of California, San Francisco November 6, 2014 Department of Otolaryngology Department of

310 views • 6 slides
Hammond and Axelrods model is not useful for studying ethnocentrism The Segregation Model

Hammond and Axelrods model is not useful for studying ethnocentrism The Segregation Model

Fredrik Jansson Hammond and Axelrods model is not useful for studying ethnocentrism The Segregation Model Schelling 1971 ncase.me/polygons The Segregation Model The Segregation Model The Dissemination of Culture Model Axelrod 1997 The

589 views • 26 slides

More recommend