Decimal to primorial, Base10 into Base<sup>Q</sup>

75710 into a primorial representation by successive divisions: 757 ÷ 2 = 231, remainder 1 378 ÷ 3 = 126, remainder 0 126 ÷ 5 = 25, remainder 1 25 ÷ 7 = 3, remainder 4 3 ÷ 11 = 3, remainder 3 => 34101<sup>Q</sup>

### 15. RSA100 factorization using primorials

$$\mathbf{N} = (\mathbf{P}\_1)(\mathbf{P}\_2) = (\mathbf{a}\mathbf{P}\_k\boldsymbol{\omega} + \mathbf{c})(\mathbf{a}\mathbf{P}\_k\boldsymbol{\omega} + \mathbf{d}) = (\mathbf{a}\mathbf{P}\_k\boldsymbol{\omega})^2 + (\mathbf{c} + \mathbf{d})\mathbf{a}\mathbf{P}\_k\boldsymbol{\omega} + \mathbf{c}\mathbf{d}$$

Pk#2 ≤ N 1522605027922533360535618378132637429718068114961380688657908⋱

494580122963258952897654000350692006139=p31#<sup>2</sup>

ð Þ aPk# <sup>2</sup> <sup>≤</sup> <sup>N</sup> <sup>1522605027922533360535618378132637429718068114961380688657908</sup><sup>⋱</sup>

<sup>494580122963258952897654000350692006139</sup><sup>=</sup> <sup>9</sup>p31#<sup>2</sup> � �

$$\mathbf{N} = (a\mathbf{P}\_k \boldsymbol{\#} + \mathbf{c})(a\mathbf{P}\_k \boldsymbol{\#} + \mathbf{d}) = (a\mathbf{P}\_k \boldsymbol{\#} + \mathbf{c}\mathbf{P}\_{k-1} \boldsymbol{\#} + \mathbf{e})(a\mathbf{P}\_k \boldsymbol{\#} + d\mathbf{P}\_{k-1} \boldsymbol{\#} + \mathbf{f})$$

$$\begin{aligned} \mathbf{P}\_{k\#} &= \mathbf{P}\_{k} (\mathbf{P}\_{k-1\#}) \\\\ \mathbf{N} &= (a \mathbf{P}\_{k} (\mathbf{P}\_{k-1\#}) + c \mathbf{P}\_{k-1\#} \# + e) (a \mathbf{P}\_{k} (\mathbf{P}\_{k-1\#}) + d \mathbf{P}\_{k-1\#} \# + f) \\\\ &= ((a \mathbf{P}\_{k} + c) \mathbf{P}\_{k-1\#} \# + e) ((a \mathbf{P}\_{k} + d) \mathbf{P}\_{k-1\#} \# + f) \\\\ \mathbf{N} &= (a \mathbf{P}\_{k} + c) (a \mathbf{P}\_{k} + d) (\mathbf{P}\_{k-1\#})^{2} + (f (a \mathbf{P}\_{k} + c) + e (a \mathbf{P}\_{k} + d)) (\mathbf{P}\_{k-1\#}) + e \mathbf{f} \\\\ (a \mathbf{P}\_{k} + c) (a \mathbf{P}\_{k} + d) (\mathbf{P}\_{k-1\#})^{2} \le \mathbf{N} \Rightarrow (a \mathbf{P}\_{k} + c) (a \mathbf{P}\_{k} + d) = \frac{\mathbf{N} - \mathbf{N} \text{mod} (\mathbf{P}\_{k-1\#})^{2}}{(\mathbf{P}\_{k-1\#})^{2}} \\\\ \mathbf{N} &= 1523830 \,\mathrm{x}^{2} + 27406046005166967437863263040740903499726862 \,\mathrm{x} \end{aligned}$$

```
þ 12231378224719217781270707850591564671548897759
```
1523830 ¼ 2 � 5 � 7 � 11 � 1979 ¼ ð Þ 770 ð Þ¼ 1979 ð Þ 1234�464 ð Þ 1234þ745 Not symmetrical about square root [12]

<sup>1522868</sup> <sup>¼</sup> <sup>2</sup><sup>2</sup> � <sup>317</sup> � <sup>1201</sup> <sup>¼</sup> ð Þ <sup>1201</sup> ð Þ¼ <sup>1268</sup> ð Þ <sup>1234</sup> � <sup>33</sup> ð Þ <sup>1234</sup> <sup>þ</sup> <sup>34</sup> Symmetrical about square root.

$$\mathbf{N} = (a\mathbf{P}\_k + \mathbf{c})(a\mathbf{P}\_k + \mathbf{d})(\mathbf{P}\_{k-1}\boldsymbol{\pi})^2 + (f(a\mathbf{P}\_k + \mathbf{c}) + \mathbf{e}(a\mathbf{P}\_k + \mathbf{d}))(\mathbf{P}\_{k-1}\boldsymbol{\pi}) + \mathbf{e}^f$$

$$(a\mathbf{P}\_k + \mathbf{c})(a\mathbf{P}\_k + \mathbf{d})(\mathbf{P}\_{k-1}\boldsymbol{\pi})^2 \le \mathbf{N} \Rightarrow (a\mathbf{P}\_k + \mathbf{c})(a\mathbf{P}\_k + \mathbf{d}) = \frac{\mathbf{N} - \mathbf{N} \text{mod}(\mathbf{P}\_{k-1}\boldsymbol{\pi})^2}{\left(\mathbf{P}\_{k-1}\boldsymbol{\pi}\right)^2}.$$

$$1521642935492617539765579106664136748401379615914 \cdot \text{\AA}$$

$$312169315386041883234627722692028711378934397966 \cdot \text{\AA}$$

$$800/p\_{30}\text{\#}^2$$

Consider each congruency and look for a factorization that is symmetrical about the square root.

In this case 1234 + 34 =1268, 1234 – 33 = 1201.

$$N = (aP\_k + c)(aP\_k + d)(P\_{k-1}\#)^2 + (f(aP\_k + c) + e(aP\_k + d))(P\_{k-1}\#) + \mathfrak{e}f$$

$$30431475913593577738588710930551227419722971658953 \times +$$

$$151816659580901664885523419281115998823527019067345405631 \cdot \text{\AA}$$

401183567090345342039152734187917869,

$$N = ((aP\_k + c)P\_{k-1} \# + e)((aP\_k + d)P\_{k-1} \# + f)$$

$$\begin{aligned} \mathbf{k} &= \mathbf{31}, \quad P\_{31} = \mathbf{127}, \quad (aP\_k + e) = \mathbf{1201}, \quad (aP\_k + d) = \mathbf{12} \\ a &= 9, \quad c = 58, \quad d = \mathbf{125}, \; P\_{31} = \mathbf{127} \end{aligned}$$

$$N = (9P\_{31}\# + 58P\_{30}\# + e)(9P\_{33}\# + \mathbf{125}P\_{30}\# + f)$$

$$N = (\mathbf{1201})(\mathbf{1268})P\_{30}^2 + (\mathbf{1201}f + \mathbf{1268}e)P\_{30} + cf$$

$$N = (a^2 + m)P\_{k1}^2 + (a(c+d) + n)P\_{31} + cd$$

$$a^2 + m = \frac{N - N \text{mod}P\_k^2 \#}{P\_k^2 \#} = 94 \qquad \Rightarrow a = 9, \quad m = \mathbf{13}$$

$$a^2 P\_{k^\*}^2 + [a(c+d) + mP\_k \#]P\_k \# + (nP\_k \# + cd)$$

$$P\_k \# = P\_k(P\_{k-1} \#) \Rightarrow N = (\mathbf{1201})(\mathbf{1268})P\_{30}^2 + (\mathbf{1201}f + \mathbf{1268}e)P\_{30}^{-\text{s}} + cf$$

$$N = (9P\_{31}\# + 58P\_{30}\# + e)(9P\_{31}\pm + \mathbf{125}P\_{30}\star + f)$$

Repeat these steps for P29# and so on… (Table 4)

$$N = (\mathfrak{P}\mathfrak{P}\_{31}\# + \mathfrak{S}\mathfrak{P}\_{30}\# + \mathfrak{A}\mathfrak{P}\_{29}\# + \mathfrak{g})(\mathfrak{P}\mathfrak{P}\_{31}\# + \mathfrak{L}\mathfrak{S}\mathfrak{P}\_{30}\# + \mathfrak{A}\mathfrak{G}\mathfrak{P}\_{29}\# + h)$$


Table 4.

P1 and P2 as base Primorial numbers.

General properties of mixed radix number systems apply to the base primorial system. The primorial number system OEIS A000040 is denoted by a subscript "

n … 7 6 5 4 3 21 pn n… 17 13 11 7 5 3 2 n# … 510510 30030 2310 210 30 6 2 highest Pnþ<sup>1</sup> � 1 18 16 12 10 6 4 1

¼ 3 � p4# þ 4 � p3# þ 1 � p2# þ 0 � p1# þ 1 � p0# ¼ 3 � 210 þ 4 � 30 þ 1 � 6 þ 0 � 2 þ 1 � 1

Pk#2 ≤ N 1522605027922533360535618378132637429718068114961380688657908⋱

494580122963258952897654000350692006139=p31#<sup>2</sup>

ð Þ aPk# <sup>2</sup> <sup>≤</sup> <sup>N</sup> <sup>1522605027922533360535618378132637429718068114961380688657908</sup><sup>⋱</sup> <sup>494580122963258952897654000350692006139</sup><sup>=</sup> <sup>9</sup>p31#<sup>2</sup> � �

N ¼ ð Þ aPk# þ c ð Þ¼ aPk# þ d ð Þ aPk# þ cPk�1# þ e ð Þ aPk# þ dPk�1# þ f

N ¼ ð Þ aPkð Þþ Pk�1# cPk�1# þ e ð Þ aPkð Þþ Pk�1# dPk�1# þ f

<sup>N</sup> <sup>¼</sup> <sup>1523830</sup>x<sup>2</sup> <sup>þ</sup> <sup>27406046005166967437863263040740903499726862</sup> <sup>x</sup>

þ 12231378224719217781270707850591564671548897759

¼ ðð Þ aPk þ cÞPk�1# þ e ð Þ ð Þ aPk þ d Pk�1# þ f

N ¼ ð Þ aPk þ c ð Þ aPk þ d ð Þ Pk�1#

ð Þ aPk þ c ð Þ aPk þ d ð Þ Pk�1#

30

Consider the following example: Primorial to decimal, Base<sup>Q</sup> to Base10

Table 3.

Primorial radix number system.

757 ÷ 2 = 231, remainder 1 378 ÷ 3 = 126, remainder 0 126 ÷ 5 = 25, remainder 1 25 ÷ 7 = 3, remainder 4

Pk# ¼ Pkð Þ Pk�1#

34101<sup>Q</sup> stands for 3443120110, whose value is

Modern Cryptography – Current Challenges and Solutions

¼ ðððð Þ� 3 � 7 þ 4 5 þ 1Þ � 3 þ 0Þ � 2 þ 1Þ � 1 ¼ 75710:

75710 into a primorial representation by successive divisions:

N ¼ ð Þ P<sup>1</sup> ð Þ¼ P<sup>2</sup> ð Þ aPk# þ c ð Þ¼ aPk# þ d ð Þ aPk#

Decimal to primorial, Base10 into Base<sup>Q</sup>

3 ÷ 11 = 3, remainder 3 => 34101<sup>Q</sup>

15. RSA100 factorization using primorials

Q".

<sup>2</sup> <sup>þ</sup> ð Þ <sup>c</sup> <sup>þ</sup> <sup>d</sup> aPk# <sup>þ</sup> cd

<sup>2</sup> þ ð f aP <sup>ð</sup> <sup>k</sup> <sup>þ</sup> <sup>c</sup>Þ þ e aP ð ÞÞð <sup>k</sup> <sup>þ</sup> <sup>d</sup> Pk�1#Þ þ ef

2

ð Þ Pk�1# 2

<sup>2</sup> <sup>≤</sup> <sup>N</sup> ) ð Þ aPk <sup>þ</sup> <sup>c</sup> ð Þ¼ aPk <sup>þ</sup> <sup>d</sup> <sup>N</sup> � Nmod Pð Þ <sup>k</sup>�1#

<sup>N</sup> <sup>¼</sup> <sup>1522868</sup>x2<sup>þ</sup>

3043147581359377738588710930551227419722971658953xþ

151816659580901664885523419281115998823527019067345405631⋱

17. Coppersmith attack

DOI: http://dx.doi.org/10.5772/intechopen.84852

Survey of RSA Vulnerabilities

(Section 13) [15].

j j <sup>x</sup><sup>0</sup> , <sup>M</sup><sup>1</sup>

the pi

equations over integers.

When d is small and e is large; via the Euler totient rule � �, the Wiener attack (Section 5) can be used. Conversely, when d is large, e is small. Particular applications of the Coppersmith method for attacking RSA include cases when the public exponent e is small or when partial knowledge of the secret key is available

A small public exponent e, reduces the encryption time. Common choices for e

Let F xð Þ¼ xn <sup>þ</sup> an�<sup>1</sup>x<sup>n</sup> � <sup>1</sup> <sup>þ</sup> … <sup>þ</sup> <sup>a</sup>1<sup>x</sup> <sup>þ</sup> <sup>a</sup><sup>0</sup> and F xð Þ� <sup>0</sup> <sup>0</sup> mod M for an integer

<sup>n</sup>. Coppersmith can find the integer solution for x<sup>0</sup> by finding a different polynomial f related to F that has the root x<sup>0</sup> mod M but only has small coefficients. The small coefficients are constructed using the LLL (Section 14). Given F, the LLL

þ 1 and are

ð Þ x of

<sup>d</sup> . ∈ . 0. Given

5 ) gs ¼ 2, 5. Find one x

are 3, 17 and 65537 2<sup>16</sup>þ<sup>1</sup> � � [16]. These are Fermat primes Fx : Fx <sup>¼</sup> <sup>2</sup><sup>2</sup><sup>x</sup>

constructs polynomials p1ð Þ x , p2ð Þ x , …pnð Þ x that all have same root

such that <sup>x</sup><sup>d</sup> <sup>þ</sup> cn�<sup>1</sup>xd�<sup>1</sup> <sup>þ</sup> … <sup>þ</sup> <sup>c</sup>2x<sup>2</sup> <sup>þ</sup> <sup>c</sup>1<sup>x</sup> <sup>þ</sup> <sup>c</sup>0. Set <sup>X</sup> <sup>¼</sup> <sup>N</sup><sup>1</sup>

<sup>i</sup>¼<sup>1</sup> <sup>p</sup>ei

Example: Let <sup>p</sup> <sup>¼</sup> <sup>41</sup>, <sup>α</sup> <sup>¼</sup> <sup>7</sup>, <sup>β</sup> <sup>¼</sup> <sup>12</sup> solve 12 <sup>¼</sup> <sup>7</sup><sup>x</sup> mod <sup>41</sup>

1. Find the prime factors of <sup>p</sup> � <sup>1</sup> ) <sup>41</sup> � <sup>1</sup> <sup>¼</sup> <sup>40</sup> <sup>¼</sup> <sup>2</sup><sup>3</sup>

combination has the same root x0mod M<sup>a</sup>.

provides the zeroes of f xð Þ over Z.

f mod N, smaller than <sup>X</sup> <sup>¼</sup> <sup>N</sup><sup>1</sup>

This is a similar idea to Section 13.

2. For <sup>g</sup> <sup>¼</sup> <sup>2</sup>, <sup>x</sup> <sup>¼</sup> <sup>2</sup><sup>0</sup>x<sup>0</sup> <sup>þ</sup> 21

prime factorization <sup>n</sup> <sup>¼</sup> <sup>Q</sup><sup>r</sup>

<sup>x</sup>∈f g <sup>0</sup>; …; <sup>n</sup> � <sup>1</sup> : <sup>g</sup><sup>x</sup> <sup>¼</sup> <sup>h</sup>

for each g.

33

18. Pohlig-Hellman

chosen because the modular exponent derivation is faster. The Coppersmith method reduces the solving of modular polynomial equations to solving polynomial

x0mod Ma, a∈ Z: a depends on the degree of F and the size of x0. Any linear

The next step is to use LLL to construct a linear combination f xð Þ¼ ∑cipi

ð Þ N; f then all integers x<sup>0</sup> , X : f xð Þ� <sup>0</sup> 0 mod N can now be found. All roots of

<sup>d</sup> can be found.

ð Þ <sup>x</sup> so that the inequality j j f xð Þ<sup>0</sup> , <sup>M</sup><sup>a</sup> holds. Then standard factorization

Let N be an integer and f ∈ Z½ � x be a monic polynomial of degree d, over integers

The Pohlig-Hellman [17] algorithm is a method to compute a discrete logarithm (which is a difficult problem) on a multiplicative group. The order of which is a smooth number (also called friable), meaning its order can be factorized into small primes. A positive integer is called B-smooth if none of its prime factors is greater than <sup>B</sup>. For example, 1620 has prime factorization 2<sup>2</sup> � <sup>3</sup><sup>4</sup> � 5; therefore 1620 is 5 smooth because none of its prime factors are greater than 5. This is similar to that of the Overmars factorization method (Section 10). The Pohlig-Hellman [17] algorithm applies to groups whose order is a prime power. The basic idea is to iteratively compute the p-adic digits of the logarithm by repeatedly "shifting out" all but one unknown digit in the exponent and computing that digit by elementary methods.

INPUT: A cyclic group G of order n with a generator g, an element h∈ G, and a

<sup>i</sup> OUTPUT: The unique integer

<sup>x</sup><sup>1</sup> <sup>þ</sup> <sup>2</sup><sup>2</sup>x<sup>2</sup> 23 ) cubic ! three terms

<sup>d</sup>� <sup>∈</sup> for <sup>1</sup>

401183567090345342039152734187917869:

N ¼ ð Þ 1268x þ 13141666871354355315613715084104347742596620741

ð Þ 1201x þ 11552313802126969246479999301689200142637563209 , x ¼ p30#Þ

N ¼ ð Þ 9P31# þ 58P30# þ e ð Þ 9P31# þ 125P30# þ f

N ¼ ð Þ 9P31# þ 58P30# þ 11552313802126969246479999301689200142637563209 ∗

ð Þ 9P31# þ 125P30# þ 13141666871354355315613715084104347742596620741

N ¼ ð Þ 9P31# þ 58P30# þ 41P29# þ g ð Þ 9P31# þ 125P30# þ 46P29# þ h

N ¼ ð9P31# þ 58P30# þ 41P29# þ 83178932594916863170676664934419945962676779Þ ∗

$$(\mathsf{9P\_{34}} \# + \mathsf{125P\_{30}} \# + \mathsf{46P\_{29}} \# + \mathsf{273857017733028251413011637989228497546748161))$$

The conversion to a decimal from the base primorial (Section 12) provides P<sup>1</sup> and P<sup>2</sup>

$$\mathbf{P}\_1 = (37975227936943673922808872755445627854565536638199)\_{10}$$

$$\mathbf{P}\_2 = (40094690950920881030683735292761468389214899724061)\_{10}$$
