Abstract

In this paper we address two different problems related to the factorization of an RSA (Rivest–Shamir–Adleman cryptosystem) modulus N. First, we show that factoring is equivalent, in deterministic polynomial time, to counting points on a pair of twisted elliptic curves modulo N. The second problem concerns malleability. This notion was introduced in 2006 by Paillier and Villar, and deals with the question of whether or not the factorization of a given number N becomes substantially easier when one knows the factorization of another number N′ relatively prime to N. Despite the efforts made so far, a complete answer to this question was unknown. Here we settle the problem affirmatively. To construct a particular N′ that helps the factorization of N, we use the number of points of a single elliptic curve modulo N. Coppersmith’s algorithm allows us to go from the factors of N′ to the factors of N in polynomial time.

Highlights

  • There is no need to explain the importance of secure digital communication today

  • Even though the most efficient factorization algorithm is the general number field sieve, which works in subexponential running time, the future seems to lead us to quantum computation, where the improvement is dramatic

  • Given any RSA modulus N, we prove the existence of a polynomial time reduction algorithm from factoring N to factoring certain explicit numbers N 0, all relatively prime to


Summary

Introduction

There is no need to explain the importance of secure digital communication today. We are using computers for military purposes, politics, electronic payments, voting and, lately, even for making shared decisions via blockchain. We address precisely this question and give an affirmative answer to the malleability of the problem of factoring by exhibiting a number of the same size as N whose factorization allows us to factor N with an algorithm that runs in polynomial time. To achieve this goal, we will use very basic facts from the theory of elliptic curves. Given N and the number of points of any elliptic curve E modulo N and of one of its twists E_d, with (d, N) = 1, so that the three integers |E(Z/NZ)|, N and |E_d(Z/NZ)| are all distinct, we can factor N in deterministic polynomial time. The proof of this result relies on a rather elementary new lemma, Lemma 1, which, although remarkably simple, was not in the literature so far. The structure of the paper is as follows: in Section 2 we prove Theorem 1, while Section 3 is dedicated to the problem of malleability of factoring.

Factorization
Malleability