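@article{Example,
  author        = {TODO},
  title         = {TODO},
  journal       = {TODO},
  year          = {2000},
  note          = {\url{https://duckduckgo.com}},
  internal-note = {Template entry: author, title and journal are placeholders and must be filled in before this key is cited},
}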
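@misc{repo,
  author       = {Di Santi, Giovanni},
  title        = {Introduction to lattices attack},
  year         = {2021},
  howpublished = {GitHub repository},
  note         = {\url{https://github.com/meowmeowxw/lattice-based-attacks}},
}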
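@book{mathcrypto14,
  author    = {Hoffstein, Jeffrey and Pipher, Jill and Silverman, J. H.},
  title     = {An Introduction to Mathematical Cryptography},
  edition   = {Second},
  publisher = {Springer},
  year      = {2014},
  isbn      = {978-0-387-77994-2},
  chapter   = {7},
}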
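@misc{cryptoeprint:2020:1506,
  author       = {De Micheli, Gabrielle and Heninger, Nadia},
  title        = {Recovering Cryptographic Keys from Partial Information, by Example},
  howpublished = {Cryptology ePrint Archive, Report 2020/1506},
  year         = {2020},
  note         = {\url{https://eprint.iacr.org/2020/1506}},
}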
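@inproceedings{LWE,
  author    = {Regev, Oded},
  title     = {On Lattices, Learning with Errors, Random Linear Codes, and Cryptography},
  booktitle = {Proceedings of the Thirty-Seventh Annual {ACM} Symposium on Theory of Computing},
  series    = {STOC '05},
  pages     = {84--93},
  numpages  = {10},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Baltimore, MD, USA},
  year      = {2005},
  isbn      = {1581139608},
  doi       = {10.1145/1060590.1060603},
  keywords  = {lattices, computational learning theory, public key encryption, quantum computing, cryptography, statistical queries},
}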
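@article{LLL,
  author   = {Lenstra, Jr., H. W. and Lenstra, A. K. and Lov{\'a}sz, L.},
  title    = {Factoring Polynomials with Rational Coefficients},
  journal  = {Mathematische Annalen},
  volume   = {261},
  pages    = {515--534},
  year     = {1982},
  url      = {http://eudml.org/doc/182903},
  keywords = {polynomial-time algorithm; factorization of primitive polynomials; algorithm for basis reduction; diophantine approximation; operations research; cryptography},
}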
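@misc{3b1b,
  author       = {Sanderson, Grant},
  title        = {Dot Product Plot},
  year         = {2016},
  howpublished = {YouTube video},
  note         = {\url{https://youtu.be/LyGKycYT2v0?t=105}},
}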
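@misc{determinant,
  author       = {Sanderson, Grant},
  title        = {Geometric Explanation of Determinant},
  year         = {2016},
  howpublished = {YouTube video},
  note         = {\url{https://www.youtube.com/watch?v=Ip3X9LOh2dk}},
}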
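@misc{lllintuition,
  author       = {Ludwig, Kelby},
  title        = {Building Lattice Reduction ({LLL}) Intuition},
  year         = {2017},
  howpublished = {Blog post, kel.bz},
  note         = {\url{https://kel.bz/post/lll/}},
}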
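@misc{lllexplanation,
  author       = {Regev, Oded},
  title        = {{LLL} Algorithm},
  year         = {2004},
  howpublished = {Lecture notes, Tel Aviv University},
  note         = {\url{https://cims.nyu.edu/~regev/teaching/lattices_fall_2004/ln/lll.pdf}},
}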
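@article{babai,
  author   = {Babai, L.},
  title    = {On {Lov{\'a}sz'} Lattice Reduction and the Nearest Lattice Point Problem},
  journal  = {Combinatorica},
  volume   = {6},
  number   = {1},
  pages    = {1--13},
  year     = {1986},
  month    = mar,
  issn     = {1439-6912},
  doi      = {10.1007/BF02579403},
  abstract = {Answering a question of Vera S{\'o}s, we show how Lov{\'a}sz' lattice reduction can be used to find a point of a given lattice, nearest within a factor of $c^d$ ($c$ = const.) to a given point in $\mathbf{R}^d$. We prove that each of two straightforward fast heuristic procedures achieves this goal when applied to a lattice given by a Lov{\'a}sz-reduced basis. The verification of one of them requires proving a geometric feature of Lov{\'a}sz-reduced bases: a $c_1^d$ lower bound on the angle between any member of the basis and the hyperplane generated by the other members, where $c_1 = \sqrt{2/3}$.},
}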
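@article{wiener,
  author  = {Wiener, M. J.},
  title   = {Cryptanalysis of Short {RSA} Secret Exponents},
  journal = {IEEE Transactions on Information Theory},
  volume  = {36},
  number  = {3},
  pages   = {553--558},
  year    = {1990},
  doi     = {10.1109/18.54902},
}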
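@misc{boneh99twentyyears,
  author = {Boneh, Dan},
  title  = {Twenty Years of Attacks on the {RSA} Cryptosystem},
  year   = {1999},
  note   = {\url{https://crypto.stanford.edu/~dabo/papers/RSA-survey.pdf}},
}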
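@inproceedings{coppersmith96,
  author    = {Coppersmith, Don},
  editor    = {Maurer, Ueli},
  title     = {Finding a Small Root of a Bivariate Integer Equation; Factoring with High Bits Known},
  booktitle = {Advances in Cryptology --- {EUROCRYPT} '96},
  publisher = {Springer Berlin Heidelberg},
  address   = {Berlin, Heidelberg},
  pages     = {178--189},
  year      = {1996},
  isbn      = {978-3-540-68339-1},
  abstract  = {We present a method to solve integer polynomial equations in two variables, provided that the solution is suitably bounded. As an application, we show how to find the factors of $N = PQ$ if we are given the high order $(1/4)\log_2 N$ bits of $P$. This compares with Rivest and Shamir's requirement of $(1/3)\log_2 N$ bits.},
}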
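@inproceedings{roca,
  author        = {Nemec, Matus and Sys, Marek and Svenda, Petr and Klinec, Dusan and Matyas, Vashek},
  title         = {The Return of {Coppersmith's} Attack: Practical Factorization of Widely Used {RSA} Moduli},
  booktitle     = {24th {ACM} Conference on Computer and Communications Security ({CCS} 2017)},
  publisher     = {ACM},
  pages         = {1631--1648},
  year          = {2017},
  isbn          = {978-1-4503-4946-8},
  internal-note = {ISBN trimmed from the export form 978-1-4503-4946-8/17/10; the /17/10 suffix is a publisher date tag, not part of the ISBN},
}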
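@incollection{may2011,
  author        = {May, Alexander},
  editor        = {Nguyen, Phong Q. and Vall{\'e}e, Brigitte},
  title         = {Using {LLL}-Reduction for Solving {RSA} and Factorization Problems},
  booktitle     = {The {LLL} Algorithm: Survey and Applications},
  publisher     = {Springer Berlin Heidelberg},
  address       = {Berlin, Heidelberg},
  pages         = {315--348},
  year          = {2010},
  isbn          = {978-3-642-02295-1},
  doi           = {10.1007/978-3-642-02295-1_10},
  abstract      = {Twenty five years ago, Lenstra, Lenstra and Lov{\'a}sz presented their celebrated LLL lattice reduction algorithm. Among the various applications of the LLL algorithm is a method due to Coppersmith for finding small roots of polynomial equations. We give a survey of the applications of this root finding method to the problem of inverting the RSA function and the factorization problem. As we will see, most of the results are of a dual nature, they can either be interpreted as cryptanalytic results or as hardness/security results.},
  internal-note = {Type changed from inbook to incollection so standard styles print both the chapter title and the book title (inbook ignores bookTitle). The key is kept unchanged even though the year is 2010, so existing citations stay valid},
}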
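@misc{wong2015,
  author       = {Wong, David},
  title        = {Lattice Based Attacks on {RSA}},
  year         = {2015},
  howpublished = {GitHub repository},
  note         = {\url{https://github.com/mimoo/RSA-and-LLL-attacks}},
}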
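@article{pohlig,
  author  = {Pohlig, S. and Hellman, M.},
  title   = {An Improved Algorithm for Computing Logarithms over {GF(p)} and Its Cryptographic Significance (Corresp.)},
  journal = {IEEE Transactions on Information Theory},
  volume  = {24},
  pages   = {106--110},
  year    = {1978},
}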
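@misc{rocaopt,
  author = {Produit, Bruno},
  title  = {Optimization of the {ROCA} ({CVE-2017-15361}) Attack},
  year   = {2019},
}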
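@misc{giuliani99attackson,
  author = {Giuliani, Kenneth},
  title  = {Attacks on the Elliptic Curve Discrete Logarithm Problem},
  year   = {1999},
}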
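@article{mov,
  author  = {Luca, Florian and Mireles Morales, David and Shparlinski, Igor},
  title   = {{MOV} Attack in Various Subgroups on Elliptic Curves},
  journal = {Illinois Journal of Mathematics},
  volume  = {48},
  year    = {2004},
  month   = jul,
  doi     = {10.1215/ijm/1258131069},
}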
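@misc{smartass,
  author        = {Araki and Satoh and Semaev and Smart},
  title         = {{Smart-ASS} attack: For elliptic curves {$E/F_p$} of size $p$, the {ECDLP} can be solved very efficiently},
  year          = {1997},
  internal-note = {Descriptive placeholder rather than a published title; author field lists surnames only},
}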
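@inproceedings{hnp,
  author    = {Boneh, Dan and Venkatesan, Ramarathnam},
  editor    = {Koblitz, Neal},
  title     = {Hardness of Computing the Most Significant Bits of Secret Keys in {Diffie-Hellman} and Related Schemes},
  booktitle = {Advances in Cryptology --- {CRYPTO} '96},
  publisher = {Springer Berlin Heidelberg},
  address   = {Berlin, Heidelberg},
  pages     = {129--142},
  year      = {1996},
  isbn      = {978-3-540-68697-2},
  abstract  = {We show that computing the most significant bits of the secret key in a Diffie-Hellman key-exchange protocol from the public keys of the participants is as hard as computing the secret key itself.},
}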
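@article{ecdsa_nonce,
  author    = {Nguyen, Phong Q. and Shparlinski, Igor E.},
  title     = {The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces},
  journal   = {Designs, Codes and Cryptography},
  volume    = {30},
  number    = {2},
  pages     = {201--217},
  numpages  = {17},
  year      = {2003},
  month     = sep,
  publisher = {Kluwer Academic Publishers},
  address   = {USA},
  issn      = {0925-1022},
  doi       = {10.1023/A:1025436905711},
  abstract  = {Nguyen and Shparlinski have recently presented a polynomial-time algorithm that provably recovers the signer's secret {DSA} key when a few consecutive bits of the random nonces $k$ are hardcore},
  keywords  = {cryptanalysis, exponential sums, discrepancy, lattices, LLL, distribution, closest vector problem, elliptic curves, ECDSA},
}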
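@misc{ecdsa_result,
  author       = {Albrecht, Martin R. and Heninger, Nadia},
  title        = {On Bounded Distance Decoding with Predicate: Breaking the {``Lattice Barrier''} for the Hidden Number Problem},
  howpublished = {Cryptology ePrint Archive, Report 2020/1540},
  year         = {2020},
  note         = {\url{https://eprint.iacr.org/2020/1540}},
}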
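@misc{cryptoeprint:2020:1151,
  author       = {Merget, Robert and Brinkmann, Marcus and Aviram, Nimrod and Somorovsky, Juraj and Mittmann, Johannes and Schwenk, J{\"o}rg},
  title        = {{Raccoon} Attack: Finding and Exploiting Most-Significant-Bit-Oracles in {TLS-DH(E)}},
  howpublished = {Cryptology ePrint Archive, Report 2020/1151},
  year         = {2020},
  note         = {\url{https://eprint.iacr.org/2020/1151}},
}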