Journal of Software
1000-9825
1
26
10.13328/j.cnki.jos.006657
article
RSA及其变体算法的格分析方法研究进展
Progress of Lattice-based Cryptanalysis of RSA and Its Variant Algorithms
格分析是一种利用格困难问题的求解算法分析公钥密码安全性的分析方法, 是研究RSA类密码算法安全性的有力数学工具之一. 格分析的关键在于构造格基, 虽然目前已有通用简洁的格基构造策略, 然而, 这种通用方法无法充分、灵活地利用RSA及其变体的代数结构. 近年来, RSA类算法的格分析工作大多在通用策略的基础上引入特殊格基构造技巧. 首先介绍了格分析方法以及通用格基构造策略, 并总结提炼了几种常用格基构造技巧; 其次, 回顾了标准RSA算法格分析的主要成果, 即模数分解攻击、小解密指数攻击以及部分私钥泄漏攻击; 然后, 总结了几种主流RSA变体算法的特殊代数结构, 及其适用的特殊格基构造技巧; 最后, 对现有RSA及其变体算法的格分析工作进行了分类总结, 并展望了格分析方法的研究与发展方向.
Lattice-based cryptanalysis, an analysis method using the algorithms solving hard lattice problems to analyze the security of public-key cryptosystems, has become one of the powerful mathematical tools for studying the security of the Rivest-Shamir-Adleman (RSA)-type cryptographic algorithms. The key point of this method is the construction of the lattice basis. There exists a general strategy for lattice basis construction. However, this general strategy fails to fully and flexibly utilize the algebraic structure of the RSA algorithm and its variants. In recent years, lattice-based cryptanalysis of RSA-type algorithms mostly focuses on introducing special techniques of lattice base construction on the basis of the general strategy. This study starts by outlining lattice-based cryptanalysis and the general strategy for lattice basis construction and summarizing several commonly used techniques of lattice basis construction. Subsequently, the main achievements in lattice-based cryptanalysis of the standard RSA algorithm are reviewed, and they involve factoring with known bits, small private exponent attacks, and partial key exposure attacks. Then, the special algebraic structures of several mainstream variants of the RSA algorithm and the techniques of lattice basis construction applicable to these variants are summarized. Finally, the available work on lattice-based cryptanalysis of the RSA algorithm and its variants is classified and summed up, and the prospects of the research and development of lattice-based cryptanalysis are presented.
RSA;Coppersmith方法;格分析;RSA变体;LLL算法
Rivest-Shamir-Adleman (RSA);Coppersmith’s method;lattice-based cryptanalysis;RSA variants;LLL algorithm
周永彬,姜子铭,王天宇,袁思蒙,许军,王鲲鹏,刘月君
ZHOU Yong-Bin, JIANG Zi-Ming, WANG Tian-Yu, YUAN Si-Meng, XU Jun, WANG Kun-Peng, LIU Yue-Jun
jos/article/abstract/6657