speaking of weak primes, weak exponents?
Qi Cheng is not aware of any further work on "A New Class of Unsafe Primes" - http://eprint.iacr.org/2002/109 , which was mentioned here recently (thanks Peter).

not a big deal or something to be concerned about? (the speed improvement shown makes me think this should be a check performed for all prime selection in any pubkey system, even if it is unlikely)

also curious if anyone has insight on the following as potential pitfalls to avoid when implementing / generating RSA:

---
http://eprint.iacr.org/2006/093
"RSA and a higher degree diophantine equation
...
Let $N=pq$ be an RSA modulus where $p$, $q$ are large primes of the same bitsize. We study the class of the public exponents $e$ for which there exist an integer $m$ with $1\leq m\leq {\log{N}\over \log{32}}$ and small integers $u$, $X$, $Y$ and $Z$ satisfying $$(e+u)Y^m-\psi(N)X^m=Z,$$ where $\psi(N)=(p+1)(q-1)$. First we show that these exponents are of improper use in RSA cryptosystems."

---
http://eprint.iacr.org/2006/092
"Cryptanalysis of RSA with constrained keys
...
We show that choosing a public key exponent $e$ for which there exist positive integers $X$, $Y$ such that $\left\vert eY-XF(u)\right\vert$ and $Y$ are suitably small, then the system is insecure."

---
one last related item, large qubit quantum computers:

---
http://www.mail-archive.com/cryptography@metzdowd.com/msg05835.html
bulk quantum computation
Travis H.

Here's a 1997 paper on "quantum computing in the large" that I had been asking about:
http://www.media.mit.edu/physics/projects/spins/home.html

"Neil Gershenfeld and Isaac Chuang have developed an entirely new approach to quantum computation that promises to solve many of these problems. Instead of carefully isolating a small number of qubits, we use a large thermal ensemble (such as a cup of coffee). Such a system has ~10^23 degrees of freedom; by applying RF pulses that excite nuclear magnetic resonances, we can create a tiny deviation from equilibrium that acts just like a much smaller number of pure qubits."
coderman <coderman@gmail.com> writes:
> not a big deal or something to be concerned about? (the speed improvement shown makes me think this should be a check performed for all prime selection in any pubkey system, even if it is unlikely)

I've also posted this to sci.crypt to see if anyone there had any comments, both Tom St Denis (a regular contributor and author of libtomcrypt) and David Wagner (needs no introduction :-) comment that the chance of a random 512-bit prime having this form is about 1/2^250, so it's not worth checking for. See the sci.crypt thread for more info.

Peter.
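For the "constrained exponent" condition quoted above from eprint 2006/093, here is an added key-generation sanity check (not code from either poster or from the paper) for the simplest instance, m = 1 and u = 0, i.e. eY - psi(N)X = Z with psi(N) = (p+1)(q-1). Any X/Y with |e/psi - X/Y| < 1/(2Y^2) is a convergent of e/psi, so walking the continued fraction finds every small (X, Y) with a small residual Z; the bounds max_y/max_z and the toy 14-bit primes are assumptions chosen for illustration, not values from the paper.

```python
def convergents(num, den):
    """Yield the convergents (h, k) of num/den, computed by the
    Euclidean algorithm (standard h_n = a_n*h_{n-1} + h_{n-2} recurrence)."""
    h_prev2, h_prev1 = 0, 1
    k_prev2, k_prev1 = 1, 0
    while den:
        a, r = divmod(num, den)
        h = a * h_prev1 + h_prev2
        k = a * k_prev1 + k_prev2
        yield h, k
        h_prev2, h_prev1 = h_prev1, h
        k_prev2, k_prev1 = k_prev1, k
        num, den = den, r


def constrained_exponent_check(p, q, e, max_y, max_z):
    """Key-generation side check for the m=1, u=0 case of the quoted
    condition: look for positive X, Y <= max_y with |e*Y - psi*X| <= max_z.
    Returns (X, Y, Z) if such a small solution exists, else None.
    max_y / max_z are caller-chosen bounds (assumption, not from the paper)."""
    psi = (p + 1) * (q - 1)
    for x, y in convergents(e, psi):
        if y > max_y:
            return None
        if x < 1:            # the abstract asks for positive X, Y
            continue
        z = e * y - psi * x
        if abs(z) <= max_z:
            return (x, y, z)
    return None


def build_constrained_e(p, q, x, y, z):
    """Construct an exponent that satisfies e*y - psi*x = z exactly
    (test-vector helper; requires y | psi*x + z)."""
    psi = (p + 1) * (q - 1)
    assert (psi * x + z) % y == 0
    return (psi * x + z) // y


if __name__ == "__main__":
    # constructed toy parameters: two 14-bit primes
    p, q = 10007, 10009
    bad_e = build_constrained_e(p, q, x=3, y=7, z=23)     # 42925745
    print("bad e:", bad_e, constrained_exponent_check(p, q, bad_e, 100, 100))
    print("e=65537:", constrained_exponent_check(p, q, 65537, 100, 100))
```

With the toy primes the constructed exponent is flagged as (3, 7, 23), while e = 65537 passes, since its only convergents with Y <= 100 are 0/1 (X not positive) and the residual for 1/1528 falls outside the Y bound.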