R.L. Rivest and R.D. Silverman. Are 'strong' primes needed for RSA. In The 1997 RSA Laboratories Seminar Series, Seminars Proceedings, 1997.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....The rst one is to nd protocol failures [20] and the other one is to directly attack the underpinning crypto algorithm. The cycling attack and its generalizations fall into the second category. So, it is important to carefully analyze the signi cance of this attack. For RSA, Rivest and Silverman [25] (see also [16] concluded that the chance that a cycling attack will succeed is negligible, whatever the form of the public modulus n. For elliptic curve based systems, the analysis is more dicult because the underlying group is not always cyclic. We will actually give some results valid for ....

....of success. 6. Concluding remarks In Section 4, we proved that if the conditions of Theorems 4 and 5 are ful lled, then cycling attacks are useless for elliptic curve based RSA systems. This is the elliptic version of the well known strong primes criteria. For RSA, Rivest and Silverman [25] claimed that this criteria is not required. They said: Strong primes o er little protection beyond that o ered by random primes. We will now analyze more accurately how valid this assertion is, and if it remains valid for elliptic curve based systems. The analogue of Theorems 4 and 5 for ....

[Article contains additional citation context not shown here]

R.L. Rivest and R.D. Silverman. Are 'strong' primes needed for RSA. In The 1997 RSA Laboratories Seminar Series, Seminars Proceedings, 1997.

....has to remain secure for a long period of time. In other applications it is beneficial to proactivize the capability to decrypt a message encrypted with a public key encryption system. Examples include electronic voting systems where voters encrypt their votes with the voting center s public key [10], and secure repositories where users keep sensitive data in a certified way. Implementations We are aware of three implementation efforts of proactive security systems currently under way: by Sandia National Labs, IBM Research, and a DARPA project. We elaborate on these efforts in ....

.... Crypto 94, pages 425 438, 1994. Springer Verlag. Lecture Notes in Computer Science No. 839. 9] R. Canetti, S. Halevi, and A. Herzberg. Maintaining Authenticated Communication in the Presence of Break ins. In Proc. 16th ACM Symp. on Principles of Distributed Computation. ACM, 1997. [10] R. Cramer, R. Gennaro, and B. Schoenmakers. A secure and optimally efficient multi authority election scheme. In Walter Fumy, editor, Advances in Cryptology Eurocrypt 97, pages 103 118, 1997. Springer Verlag. Lecture Notes in Computer Science No. 1233. 11] Y. Desmedt and Y. Frankel. ....

[Article contains additional citation context not shown here]

R.L. Rivest and R.D. Silverman. Are Strong Primes Needed for RSA? To appear.

....first one is to find protocol failures [20] and the other one is to directly attack the underpinning crypto algorithm. The cycling attack and its generalizations fall into the second category. So, it is important to carefully analyze the significance of this attack. For RSA, Rivest and Silverman [25] (see also [16] concluded that the chance that a cycling attack will succeed is negligible, whatever the form of the public modulus n. For elliptic curve based systems, the analysis is more difficult because the underlying group is not always cyclic. We will actually give some results valid for ....

....of success. 6. Concluding remarks In Section 4, we proved that if the conditions of Theorems 4 and 5 are fulfilled, then cycling attacks are useless for elliptic curve based RSA systems. This is the elliptic version of the well known strong primes criteria. For RSA, Rivest and Silverman [25] claimed that this criteria is not required. They said: Strong primes offer little protection beyond that offered by random primes. We will now analyze more accurately how valid this assertion is, and if it remains valid for elliptic curve based systems. The analogue of Theorems 4 and 5 for ....

[Article contains additional citation context not shown here]

R.L. Rivest and R.D. Silverman. Are 'strong' primes needed for RSA. In The 1997 RSA Laboratories Seminar Series, Seminars Proceedings, 1997.

....these criteria, showing how random primes that satisfy most of the criteria may be quickly generated, and explaining why some criteria can be and should be ignored. The position of RSA Laboratories is that virtually all of these requirements are unnecessary. The reasons for this are given in [10], which is included as an attachment to this document. We summarize the criteria here: 1) If e, the public exponent is odd, then e shall be relatively prime to p 1 and q 1. 16 This is easily satised by choosing e.g. e = 3, or e = 2 1. These are commonly used values. This criterion is ....

....procedure and that the probability that the procedure is in error is less than 31 2 8 10 or that we have a rigorous proof of primality. 5) p 1, q 1, p 1, and q 1 shall each have large prime factors. Unfortunately, the standard does not dene large . From the results presented in [8, 10, 12], we suggest that 2 is suciently large. This will put p 1 factoring attacks well out of computer range. The size of the prime factors (101 bits) of p 1 and q 1 is much too large for these algorithms to succeed in the lifetime of the universe. 6) GCD(p 1; q 1) shall be small. The standard ....

[Article contains additional citation context not shown here]

R.L. Rivest and R.D. Silverman, Are Strong Primes Needed for RSA? (to appear). m

No context found.

R.L. Rivest and R.D. Silverman. Are 'strong' primes needed for RSA. In The 1997 RSA Laboratories Seminar Series, Seminars Proceedings, 1997.

No context found.

R.L. Rivest and R.D. Silverman. Are 'strong' primes needed for RSA. In The 1997 RSA Laboratories Seminar Series, Seminars Proceedings, 1997.

No context found.

R.L. Rivest and R.D. Silverman. Are 'strong' primes needed for RSA. In The 1997 RSA Laboratories Seminar Series, Seminars Proceedings, 1997.

No context found.

R.L. Rivest and R.D. Silverman. Are 'strong' primes needed for RSA. In The 1997 RSA Laboratories Seminar Series, Seminars Proceedings, 1997.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC