RSA及其变体算法的格分析方法研究进展  被引量：2

作　　者：周永彬[1,2,3] 姜子铭 王天宇 袁思蒙 许军 王鲲鹏[1,2] 刘月君 ZHOU Yong-Bin;JIANG Zi-Ming;WANG Tian-Yu;YUAN Si-Meng;XU Jun;WANG Kun-Peng;LIU Yue-Jun(Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China;School of Cyber Science and Engineering,Nanjing University of Science and Technology,Nanjing 210094,China)

机构地区：[1]中国科学院信息工程研究所,北京100093 [2]中国科学院大学网络空间安全学院,北京100049 [3]南京理工大学网络空间安全学院,江苏南京210094

出　　处：《软件学报》2023年第9期4310-4335,共26页Journal of Software

基　　金：国家自然科学基金(U1936209,61632020,62002353,61872442);北京市自然科学基金(4192067);信工所攀登计划(E0Z0251112)。

摘　　要：格分析是一种利用格困难问题的求解算法分析公钥密码安全性的分析方法,是研究RSA类密码算法安全性的有力数学工具之一.格分析的关键在于构造格基,虽然目前已有通用简洁的格基构造策略,然而,这种通用方法无法充分、灵活地利用RSA及其变体的代数结构.近年来, RSA类算法的格分析工作大多在通用策略的基础上引入特殊格基构造技巧.首先介绍了格分析方法以及通用格基构造策略,并总结提炼了几种常用格基构造技巧;其次,回顾了标准RSA算法格分析的主要成果,即模数分解攻击、小解密指数攻击以及部分私钥泄漏攻击;然后,总结了几种主流RSA变体算法的特殊代数结构,及其适用的特殊格基构造技巧;最后,对现有RSA及其变体算法的格分析工作进行了分类总结,并展望了格分析方法的研究与发展方向.Lattice-based cryptanalysis,an analysis method using the algorithms solving hard Lattice problems to analyze the security of public-key cryptosystems,has become one of the powerful mathematical tools for studying the security of the Rivest-Shamir-Adleman(RSA)-type cryptographic algorithms.The key point of this method is the construction of the Lattice basis.There exists a general strategy for Lattice basis construction.However,this general strategy fails to fully and flexibly utilize the algebraic structure of the RSA algorithm and its variants.In recent years,Lattice-based cryptanalysis of RSA-type algorithms mostly focuses on introducing special techniques of Lattice base construction on the basis of the general strategy.This study starts by outlining Lattice-based cryptanalysis and the general strategy for Lattice basis construction and summarizing several commonly used techniques of Lattice basis construction.Subsequently,the main achievements in Lattice-based cryptanalysis of the standard RSA algorithm are reviewed,and they involve factoring with known bits,small private exponent attacks,and partial key exposure attacks.Then,the special algebraic structures of several mainstream variants of the RSA algorithm and the techniques of Lattice basis construction applicable to these variants are summarized.Finally,the available work on Lattice-based cryptanalysis of the RSA algorithm and its variants is classified and summed up,and the prospects of the research and development of lattice-based cryptanalysis are presented.

关 键 词：RSA Coppersmith方法 格分析 RSA变体 LLL算法 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]