Substantiation of correctness and advantages of Lenstra factorization method on Edwards curves

Lyudmyla Kovalchuk,Nataliia Kuchynska,Vasyl Tsurkan,Artem Zhylin,Oleksij Bespalov,Polina Seliukh

doi:10.15587/1729-4061.2018.151090

Abstract

The factorization problem, which is the basis for many classical asymmetric cryptosystems (RSA, Rabin, and others) and a cryptographically strong generator of pseudo-random sequences (PBS), has been investigated in this paper. The methods that served as prototypes for the Lenstra method were described, the method for factorization of numbers, which is analogous to the Lenstra method on Edwards curves, has been proposed. To substantiate the correctness of the method, an appropriate mathematical apparatus was developed. In addition, an analog of the Lenstra method on Edwards curves was constructed with the use of the presented apparatus; the appropriate algorithm for the factorization of numbers was designed. The correctness of the method and correctness of the algorithm operation were substantiated mathematically; the top analytical estimates of its performance speed, as well as the lower estimates of success probability, have been strictly proved. The advantages of the developed method in comparison with the classical Lenstra method, which applies elliptic curves in the Weierstrass form, were presented and strictly substantiated. A comparative analysis of the new and the classical algorithms was performed. Results of the research provided a strict proof that the new algorithm on full Edwards curves, in comparison with the classic one, has some advantages in terms of performance speed, by about 1.5 times. The presented experimental results show that the performance speed increases even larger (by up to 30 per cent) in case the twisted and quadratic curves are used instead of full Edwards curves. It was shown that the assessment of probability of success of the new method increases due to the emergence of new conditions that lead to success of the algorithm that are not satisfied for the classical Lenstra algorithm on Weierstrass curves. The obtained results make it possible to decrease the time required for solving the problem on factorization by approximately 1.5 times, and thus, enable the faster breaking of cryptosystems whose stability is based on this problem

Highlights

The problems of information security that exist at present are solved by the methods and algorithms, the cryptographic resistance of which is based, on the complexity of solution to the factorization problem – the search for a nontrivial divisor for a large number
The Lenstra method [4,5,6,7,8] is one of the fastest general methods of integer number factorization. It can be used both as a separate factorization method, and as one of the stages of the “sifting” methods, which are the fastest factorization methods [9,10,11]. This algorithm uses the elliptic curve over the rational numbers field and some its reduction by the integer modulo, and requires about 2log2k additions of the points of this curve, where k is the algorithm parameter, the choice of which defones the probability of success of the algorithm
It should be noted that the classic Lenstra algorithm is based on some property of elliptic curves in the Weierstrass form, which is absent for Edwards curve

Summary

Zhylin PhD

Institute of Foreign Intelligence Service of Ukraine Bulvarno-Kudriavska str., 11, Kyiv, Ukraine, 04053 Institute of Physics and Technology**** ***Institute of Special Communication and Information Security**** ****National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute" Peremohy ave., 37, Kyiv, Ukraine, 03056

Introduction

Literature review and problem statement

The aim and objectives of the investigations

Discussion of the characteristics and advantages of the constructed algorithm

Conclusions