Let N = pq be the product of two large primes. Consider Chinese remainder theorem-Rivest, Shamir, Adleman (CRT-RSA) with the public encryption exponent e and private decryption exponents d(p), d(q). It is well known that given any one of d(p) or d(q) (or both) one can factorise N in probabilistic poly(log N) time with success probability almost equal to 1. Though this serves all practical purposes, from a theoretical point of view this is not a deterministic polynomial time algorithm. In this paper, we present a lattice-based deterministic poly(log N) time algorithm that uses both d(p), d(q) (in addition to the public information e, N) to factorise N for certain ranges of d(p), d(q). We would like to stress that proving the equivalence for all the values of d(p), d(q) may be a nontrivial task.
For any real a > 0 we determine the supremum of the real sigma such that zeta(sigma + it) = a for some real t. For 0 < a < 1, a = 1, and a > 1 the results turn out to be quite different. We also determine the supremum E of the real parts of the 'turning points', that is, points sigma + it where a curve Im zeta(sigma + it) = 0 has a vertical tangent. This supremum E (also considered by Titchmarsh) coincides with the supremum of the real sigma such that zeta'(sigma + it) = 0 for some real t. We find a surprising connection between the three indicated problems: zeta(s) = 1, zeta'(s) = 0 and turning points of zeta(s). The almost extremal values for these three problems appear to be located at approximately the same height. (C) 2012 Elsevier Inc. All rights reserved.
ISBN: (print) 9781457717284; 9781457717291
The lattice reduction (LR) technique is well known for its capability of improving MIMO detection performance. Nevertheless, the complexity increases significantly when LR is applied to all sub-carriers in the orthogonal-frequency division-multiplexing (OFDM) system. To address this issue, this research proposes an interpolation-based preprocessing architecture for the LR-aided MIMO-OFDM system. The proposed architecture combines the interpolation-based QR decomposition and grouping architecture to decrease the iteration loops of LR by adopting the lattice matrix of the adjacent sub-carrier. The experiment compares the BER performance of the proposed method with those of other works in the channel of the 3GPP-LTE system. The experimental results show that the proposed LR architecture not only shortens latency but also reduces computational complexity and hardware cost for MIMO-OFDM systems.
The LLL algorithm has received a lot of attention as an effective numerical tool for preconditioning an integer least squares problem. However, the workings of the algorithm are not well understood. In this paper, we present a new way to look at the LLL reduction, which leads to a new implementation method that performs better than the original LLL scheme. (c) 2007 Elsevier Inc. All rights reserved.
ISBN: (print) 9783642300578; 9783642300561
Number-theoretic pseudorandom generators work by iterating an algebraic map $F$ (public or private) over a residue ring $\mathbb{Z}_N$ on a secret random initial seed value $v_0 \in \mathbb{Z}_N$ to compute values $v_{n+1} = F(v_n) \bmod N$ for $n \in \mathbb{N}$. They output some consecutive bits of the state value $v_n$ at each iteration and their efficiency and security are thus strongly related to the number of output bits. In 2005, Blackburn, Gomez-Perez, Gutierrez and Shparlinski proposed a deep analysis on the security of such generators. In this paper, we revisit the security of number-theoretic generators by proposing better attacks based on Coppersmith's techniques for finding small roots on polynomial equations. Using intricate constructions, we are able to significantly improve the security bounds obtained by Blackburn et al.
In this paper, we study the RSA cryptosystem with low public key e = N^α and constrained private key d. Let μ be a small integer and d ≡ d' mod e^μ. When d' = e^γ is sufficiently small and 0 ≤ γ ≤μ-1/8a(1+√9 +48a), we show that RSA is vulnerable to cryptanalytic attacks based on lattice basis reduction.
We introduce a "generalized small inverse problem (GSIP)" and present an algorithm for solving this problem. GSIP is formulated as finding small solutions of $f(x_0, x_1, \ldots, x_n) = x_0 h(x_1, \ldots, x_n) + C = 0 \pmod{M}$ for an $n$-variate polynomial $h$ and non-zero integers $C$ and $M$. Our algorithm is based on the lattice-based Coppersmith technique. We provide a strategy for construction of a lattice basis for solving $f = 0$, which is systematically transformed from a lattice basis for solving $h = 0$. Then, we derive an upper bound such that the target problem can be solved in polynomial time in $\log M$ in an explicit form. Since GSIPs include some RSA-related problems, our algorithm is applicable to them. For example, the small key attacks by Boneh and Durfee are re-found automatically.
Let $\alpha$ be a totally positive algebraic integer of degree $d \ge 2$ and $\alpha_1 = \alpha, \alpha_2, \ldots, \alpha_d$ be all its conjugates. We use explicit auxiliary functions to improve the known lower bounds of $S_k/d$, where $S_k = \sum_{i=1}^{d} \alpha_i^k$ and $k = 1, 2, 3$. These improvements have consequences for the search of Salem numbers with negative traces.
ISBN: (print) 9781457705953
In lattice-coded multiple-input multiple-output (MIMO) systems, optimal decoding amounts to solving the closest vector problem (CVP). Embedding is a powerful technique for the approximate CVP, yet its remarkable performance is not well understood. In this paper, we analyze the embedding technique from a bounded distance decoding (BDD) viewpoint. $1/(2\gamma)$-BDD is referred to as a decoder that finds the closest vector when the noise norm is smaller than $\lambda_1/(2\gamma)$, where $\lambda_1$ is the minimum distance of the lattice. We prove that the Lenstra, Lenstra and Lovasz (LLL) algorithm can achieve $1/(2\gamma)$-BDD for $\gamma \approx O(2^{n/4})$. This substantially improves the existing result $\gamma = O(2^{n})$ for embedding decoding. We also prove that BDD of the regularized lattice is optimal in terms of the diversity-multiplexing gain tradeoff (DMT).
ISBN: (print) 9781457705397
Recent studies have investigated the lattice-reduction (LR) preprocessing technique for multiple-input multiple-output (MIMO) detection. However, if LR is applied to the orthogonal-frequency-division-multiplexing (OFDM) system, its complexity and latency increase greatly because of the large number of sub-carriers. This paper proposes a new processing architecture for the LR-aided MIMO-OFDM system. This LR processing architecture reduces the number of iteration loops by using the preprocessing matrix of the adjacent sub-carrier. Besides, the grouping of sub-carriers can break the long critical computational path so as to comprise the computational complexity and latency. We simulate the proposed LR-aided MIMO-OFDM processing in the 3GPP-LTE system. The proposed method not only reduces the computational complexity but also shortens the latency for the lattice reduction.