🌑

☀️

Hi Folks.

Home Explore About

🇨🇳 🔎

Explore / Study / Computer Science / Cryptography 407 words | 2 minutes

$Gen$ : On input $1^n$ , Run $GenRSA(1^n)$ to obtain $(N, e, d)$ .

The public key is $\langle N, e\rangle$ , and the private key is $\langle N, d\rangle$ .
$Enc$ : Given inputs $pk = \langle N, e\rangle$ , and $m \in \mathbb{Z}^*_N$ ,

Output the ciphertext $c := [m^e \bmod N]$ .
$Dec$ : Given inputs $sk = \langle N, d\rangle$ , and ciphertext $c \in \mathbb{Z}^*_N$ ,

Output the message as $\hat{m} := [c^d \bmod N]$ .

Theorem (Coppersmith). Let $p(x)$ be a polynomial of degree $e$ . Then in time $poly(\|N\|, e)$ , one can find all $m$ such that $p(m) = 0 \bmod N$ and $|m| \le N^{1/e}$ .

$Gen$ : On input $1^n$ , Run $GenRSA(1^n)$ to obtain $(N, e, d)$ .

The public key is $\langle N, e\rangle$ , and the private key is $\langle N, d\rangle$ .
$Enc$ : On inputs $pk = \langle N, e\rangle$ , and $m \in \{0,1\}^{\| N\| -l(n)-2}$ , where $l(n) \le 2n - 4$ , choose uniform string $r \in \{0,1\}^{l(n)}$ , and interpret $\hat{m} := r\|m$ as an element of $\mathbb{Z}^*_N$ .

Output the ciphertext $c := [\hat{m}^e \bmod N]$ .
$Dec$ : On inputs $sk = \langle N, d\rangle$ , and ciphertext $c \in \mathbb{Z}^*_N$ , compute $\hat{m} := [c^d \bmod N]$ ,

Output the $\| N\| -l(n)-2$ least significant bits of $\hat{m}$ .