Livernet and Loday constructed a polarization of the nonsymmetric associative operad A with one operation into a symmetric operad SA with two operations (the Lie bracket and Jordan product), and defined a one-parameter deformation of SA, which includes Poisson algebras. We combine this with the dendriform splitting of an associative operation into the sum of two nonassociative operations, and use Koszul duality for quadratic operads, to construct one-parameter deformations of the nonsymmetric dendriform and diassociative operads into the category of symmetric operads.
ISBN (print): 9783319566146; 9783319566139
Since May (Crypto'02) revealed the vulnerability of small CRT-exponent RSA using Coppersmith's lattice-based method, several papers have studied the problem and two major improvements have been made. Bleichenbacher and May (PKC'06) proposed an attack for small $d_q$ when the prime factor $p$ is significantly smaller than the other prime factor $q$; the attack works for $p < N^{0.468}$. Jochemsz and May (Crypto'07) proposed an attack for small $d_p$ and $d_q$ where the prime factors $p$ and $q$ are balanced; the attack works for $d_p, d_q < N^{0.073}$. Even after a decade has passed since their proposals, the above two attacks are still considered to be the state of the art, and no improvements have been made thus far. A novel technique seems to be required for further improvements, since the attacks have been studied with all the applicable techniques for Coppersmith's method proposed by Durfee-Nguyen (Asiacrypt'00), Jochemsz-May (Asiacrypt'06), and Herrmann-May (Asiacrypt'09, PKC'10). In this paper, we propose two improved attacks on small CRT-exponent RSA: a small $d_q$ attack for $p < N^{0.5}$ (an improvement of Bleichenbacher-May's) and a small $d_p$ and $d_q$ attack for $d_p, d_q < N^{0.091}$ (an improvement of Jochemsz-May's). We use Coppersmith's lattice-based method to solve modular equations and obtain the improvements from a novel lattice construction that exploits useful algebraic structures of the CRT-RSA key generation. We explicitly show proofs of our attacks and verify their validity by computer experiments. In addition to the two main attacks, we propose small $d_q$ attacks on several variants of RSA.
ISBN (print): 9781509059423
The NTRU public key cryptosystem was proposed by Hoffstein, Pipher and Silverman in 1996. NTRU is one of the most widely used public key cryptosystems and its security has been an active research topic. In 1997, Coppersmith and Shamir applied lattice basis reduction techniques to cryptanalyze the scheme, recovering either the original secret key or an alternative secret key which is equally useful for decrypting ciphertexts. In 2014, A. Nitaj gave a cryptanalysis of NTRU with two public keys and compared it with the lattice attack of Coppersmith and Shamir. In this paper, we generalize the idea of A. Nitaj and present a cryptanalysis of NTRU with $n$ public keys.
ISBN (print): 9781509040117
Co-occurrence matrices, as sources of second-order statistical descriptors, are commonly used in texture classification tasks. To generate such a matrix, we need a position vector and count the intensity pairs occurring at its two endpoints. In this paper, we propose an efficient algorithm to locate position vectors along which the pattern of the texture repeats, so that the descriptors (Haralick features) derived from the co-occurrence matrix are able to characterize the regularity of the pattern. The essence of our approach is to look for vectors that span grids which well approximate the reference points obtained by quantizing the input image. To extract such grids we use the LLL algorithm, which has polynomial running time; this gives a much more efficient solution than, e.g., a brute-force search. Our results show that the proposed approach is able to suggest position vectors for efficient co-occurrence matrix based texture analysis.
This paper proposes three new attacks. In the first attack we consider the class of public exponents satisfying an equation $eX - NY + (ap + bq)Y = Z$ for suitably small positive integers $a, b$. Applying continued fractions, we show that $Y/X$ can be recovered among the convergents of the continued fraction expansion of $e/N$. Moreover, we show that the number of such exponents is at least N where $\varepsilon \ge 0$ is arbitrarily small for large $N$. The second and third attacks work upon $k$ RSA public keys $(N_i, e_i)$ when there exist $k$ relations of the form $e_i x - N_i y_i + (a p_i + b q_i) y_i = z_i$ or of the form $e_i x_i - N_i y + (a p_i + b q_i) y = z_i$, and the parameters $x, x_i, y, y_i, z_i$ are suitably small in terms of the prime factors of the moduli. We apply the LLL algorithm and show that our strategy enables us to simultaneously factor $k$ prime power RSA moduli.
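The first attack above generalizes the classical continued fraction (Wiener) attack. As an added illustration, not code from the paper, the block below works out the special case $a = b = 1$: from $ed = 1 + k\,\varphi(N)$ and $\varphi(N) = N - (p+q) + 1$ one gets $ed - Nk + (p+q)k = k + 1$, i.e. $X = d$, $Y = k$, $Z = k + 1$, and Wiener's theorem guarantees that $k/d$ is a convergent of $e/N$ whenever $d < N^{1/4}/3$ and $q < p < 2q$. The primes `P`, `Q` and the exponent `D` are constructed toy parameters (31-bit primes, far smaller than real keys); the general $(a, b)$ case and the LLL-based multi-key attacks of the paper are not implemented here.

```python
"""Continued fraction attack on RSA with a small private exponent (Wiener's attack).

Added illustration of the case a = b = 1 of eX - NY + (ap + bq)Y = Z:
    e*d = 1 + k*phi(N),  phi(N) = N - (p + q) + 1
    =>  e*d - N*k + (p + q)*k = k + 1,   so X = d, Y = k, Z = k + 1.
Wiener's theorem: if d < N^(1/4)/3 and q < p < 2q, then k/d is a convergent of e/N.
"""
from math import gcd, isqrt

# Constructed toy key (not from any paper): two 31-bit primes and a private
# exponent below N^(1/4)/3.  Real moduli are thousands of bits; the attack
# does not depend on the size, only on d being small relative to N.
P = 2147483647   # 2^31 - 1, prime
Q = 2147483629   # 2^31 - 19, prime
D = 12347        # prime, coprime to (P-1)(Q-1), and 3*D < N^(1/4)


def make_weak_key(p=P, q=Q, d=D):
    """Return (N, e) for a key whose private exponent d is deliberately small."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(d, phi) != 1:
        raise ValueError("d must be invertible modulo phi(N)")
    e = pow(d, -1, phi)          # e*d = 1 (mod phi), hence e*d = 1 + k*phi for some k
    return n, e


def wiener_bound_holds(n, d):
    """Sufficient condition of Wiener's theorem, d < N^(1/4)/3, checked in integers."""
    return (3 * d) ** 4 < n


def continued_fraction(num, den):
    """Partial quotients [a0; a1, a2, ...] of num/den (den > 0)."""
    quotients = []
    while den:
        a, r = divmod(num, den)
        quotients.append(a)
        num, den = den, r
    return quotients


def convergents(quotients):
    """Yield the convergents (h_i, k_i) of a continued fraction, in order."""
    h_prev2, h_prev1 = 0, 1      # h_{-2}, h_{-1}
    k_prev2, k_prev1 = 1, 0      # k_{-2}, k_{-1}
    for a in quotients:
        h = a * h_prev1 + h_prev2
        k = a * k_prev1 + k_prev2
        yield h, k
        h_prev2, h_prev1 = h_prev1, h
        k_prev2, k_prev1 = k_prev1, k


def wiener_attack(e, n):
    """Recover (p, q, d) from a public key (e, n) with small d, or None on failure.

    Each convergent Y/X of e/N is tried as the candidate k/d.  It yields a candidate
    phi = (e*X - 1)/Y, which is correct exactly when t^2 - (N - phi + 1)*t + N
    has the integer roots p and q.
    """
    for y, x in convergents(continued_fraction(e, n)):   # candidate Y/X = k/d
        if y == 0 or (e * x - 1) % y:
            continue
        phi = (e * x - 1) // y
        s = n - phi + 1                                   # candidate p + q
        disc = s * s - 4 * n
        if disc < 0:
            continue
        r = isqrt(disc)
        if r * r != disc or (s + r) % 2:
            continue
        p, q = (s + r) // 2, (s - r) // 2
        if p * q == n:
            return p, q, x
    return None


if __name__ == "__main__":
    n, e = make_weak_key()
    print("bound d < N^(1/4)/3 holds:", wiener_bound_holds(n, D))
    print("recovered (p, q, d):", wiener_attack(e, n))
```

The loop stops at the first convergent whose candidate $\varphi$ produces integer factors of $N$; since convergent denominators increase, that is the true $d$. Running it against a key whose $d$ violates the bound simply returns `None`, which is the failure mode the bound in the theorem describes.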
In this paper, we demonstrate that there exist weak keys in the RSA public-key cryptosystem with public exponent $e = N^{\alpha} \le N^{0.5}$. In 1999, Boneh and Durfee showed that when $\alpha \approx 1$ and the private exponent $d = N^{\beta} < N^{0.292}$, the system is insecure. Moreover, their attack is still effective for $0.5 < \alpha <$ ***. We propose a generalized cryptanalytic method to attack the RSA cryptosystem with $\alpha \le 0.5$. For $c = [(1-\alpha)/\alpha]$ and $e^{\gamma c} \equiv d \pmod{e^{c}}$, when $\gamma, \beta$ satisfy $\gamma < 1 + 1/c - 1/(2\alpha c)$ and $\beta < \alpha c + 7/6 - \alpha\gamma c - \tfrac{1}{3}(6\alpha + 6\alpha c + 1 - 6\alpha\gamma c)^{1/2}$, we can perform cryptanalytic attacks based on the LLL algorithm. The basic idea is an application of Coppersmith's techniques, and we further adapt the technique of unravelled linearization, which leads to an optimized ***. Our advantage is that we achieve new attacks on RSA with $\alpha \le 0.5$ and consequently, there exist weak keys in RSA for most $\alpha$.
Since the proposal of the NTRU cryptosystem, many variants have been proposed by researchers using different algebraic structures. In this article, we survey the existing variants of the NTRU cryptosystem and give a comparative study of them. Copyright (C) 2016 John Wiley & Sons, Ltd.
In this paper, we propose a lattice reduction algorithm for use with NTRU lattices. Given an NTRU lattice as its input, the algorithm computes an LLL-reduced basis. The proposed lattice reduction algorithm is more efficient than the classical LLL algorithm. Recently, a lattice reduction algorithm for ideal lattices, named iLLL, was proposed by Plantard, Susilo, and Zhang. This algorithm is identical to LLL except that it contains an additional subroutine, named Reuse. The subroutine further reduces a set of short vectors that the algorithm has already computed before the subroutine is invoked. As a result, iLLL is able to output an LLL-reduced basis more efficiently than LLL. However, iLLL cannot be directly applied to an NTRU lattice, because an NTRU lattice is not an ideal lattice. Yet, since an NTRU lattice is a module lattice (a generalization of an ideal lattice), we can adapt the main idea behind iLLL blockwise in our approach to NTRU lattices. We demonstrate that the proposed algorithm (containing a modified version of the aforementioned subroutine Reuse) is asymptotically 5 times faster at outputting an LLL-reduced basis than LLL when applied to NTRU lattices of dimension n. In the case of small n, our experiments show that the proposed algorithm is slightly faster at outputting an LLL-reduced basis than LLL. In addition, we present an example of how to recover a private key of an NTRU encryption scheme by using the proposed algorithm in the case of n = 22. (C) 2016 Elsevier B.V. All rights reserved.
Luk and Tracy (2008) [7] developed a matrix interpretation of the LLL algorithm. Building on their work [7], we propose adding pivoting to the algorithm. We prove that the new algorithm always terminates, and we construct a class of ill-conditioned reduced matrices to illustrate the advantages of pivoting. (C) 2010 Elsevier Inc. All rights reserved.
ISBN (print): 9781509025978
In this paper, we propose a new column swapping traverse Lenstra-Lenstra-Lovasz (LLL) algorithm for low-complexity lattice reduction aided multiple-input multiple-output (MIMO) detection. The original LLL algorithm progressively swaps a column with its adjacent column whenever the Lovasz condition is not satisfied. However, this algorithm is troublesome for hardware implementation because its complexity and run-time are variable. This correspondence proposes a modified LLL algorithm which swaps only with the column a predefined number of positions away. This modified column swapping traverse clearly decreases the number of iterations and the execution time, especially in the worst-case situations. Simulation results show that MIMO detection aided by the proposed LLL algorithm achieves lower complexity while maintaining performance similar to the original algorithm, which makes it better suited to hardware implementation.