HOME

TheInfoList



Click Here for Items Related To - Coppersmith Method
OR:
Coppersmith Method on:   [Wikipedia]   [Google]   [Amazon]

The Coppersmith method, proposed by
Don Coppersmith Don Coppersmith (born 1950) is a cryptographer and mathematician. He was involved in the design of the Data Encryption Standard block cipher at IBM, particularly the design of the S-boxes, strengthening them against differential cryptanalysis. ...
, is a method to find small integer zeroes of univariate or bivariate
polynomial In mathematics, a polynomial is an expression consisting of indeterminates (also called variables) and coefficients, that involves only the operations of addition, subtraction, multiplication, and positive-integer powers of variables. An ex ...
s modulo a given integer. The method uses the
Lenstra–Lenstra–Lovász lattice basis reduction algorithm The Lenstra–Lenstra–Lovász (LLL) lattice basis reduction algorithm is a polynomial time lattice reduction algorithm invented by Arjen Lenstra, Hendrik Lenstra and László Lovász in 1982. Given a basis \mathbf = \ with ''n''-dimensional ...
(LLL) to find a polynomial that has the same zeroes as the target polynomial but smaller coefficients. In
cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...
, the Coppersmith method is mainly used in attacks on
RSA RSA may refer to: Organizations Academia and education * Rabbinical Seminary of America, a yeshiva in New York City *Regional Science Association International (formerly the Regional Science Association), a US-based learned society *Renaissance S ...
when parts of the
secret key A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key ...
are known and forms a base for Coppersmith's attack.


Approach

Coppersmith's approach is a reduction of solving modular polynomial equations to solving polynomials over the integers. Let F(x) = x^n+a_x^+\ldots +a_1x+a_0 and assume that F(x_0)\equiv 0 \pmod for some integer , x_0, < M^. Coppersmith’s algorithm can be used to find this integer solution x_0. Finding roots over is easy using, e.g.,
Newton's method In numerical analysis, Newton's method, also known as the Newton–Raphson method, named after Isaac Newton and Joseph Raphson, is a root-finding algorithm which produces successively better approximations to the roots (or zeroes) of a real ...
, but such an algorithm does not work modulo a composite number . The idea behind Coppersmith’s method is to find a different polynomial related to that has the same root x_0 modulo , but has only small coefficients. If the coefficients and x_0 are small enough that , f(x_0), < M over the integers, then we have f(x_0) = 0, so that x_0 is a root of over and can be found easily. More generally, we can find a polynomial f(x) with the same root x_0 modulo some power M^a of , satisfying , f(x_0), < M^a, and solve for x_0 as above. Coppersmith's algorithm uses the
Lenstra–Lenstra–Lovász lattice basis reduction algorithm The Lenstra–Lenstra–Lovász (LLL) lattice basis reduction algorithm is a polynomial time lattice reduction algorithm invented by Arjen Lenstra, Hendrik Lenstra and László Lovász in 1982. Given a basis \mathbf = \ with ''n''-dimensional ...
(LLL) to construct the polynomial with small coefficients. Given , the algorithm constructs polynomials p_1(x), p_2(x), \dots, p_n(x) that all have the same root x_0 modulo M^a, where is some integer chosen based on the degree of and the size of x_0. Any linear combination of these polynomials also has x_0 as a root modulo M^a. The next step is to use the LLL algorithm to construct a linear combination f(x)=\sum c_ip_i(x) of the p_i(x) so that the inequality , f(x_0), < M^a holds. Now standard factorization methods can calculate the zeroes of f(x) over the integers.


Implementations

Coppersmith's method for univariate polynomials is implemented in *
Magma Magma () is the molten or semi-molten natural material from which all igneous rocks are formed. Magma is found beneath the surface of the Earth, and evidence of magmatism has also been discovered on other terrestrial planets and some natura ...
as the function SmallRoots; *
PARI/GP PARI/GP is a computer algebra system with the main aim of facilitating number theory computations. Versions 2.1.0 and higher are distributed under the GNU General Public License. It runs on most common operating systems. System overview The P ...
as the function zncoppersmith; *
SageMath SageMath (previously Sage or SAGE, "System for Algebra and Geometry Experimentation") is a computer algebra system (CAS) with features covering many aspects of mathematics, including algebra, combinatorics, graph theory, numerical analysis, nu ...
as the method small_roots.


References

* * * * * {{DEFAULTSORT:Coppersmith Method Asymmetric-key algorithms 1996 introductions