Exploiting Decryption Failures in Mersenne Number Cryptosystems

Tiepelt, Marcel; D’Anvers, Jan-Pieter

doi:10.1145/3384940.3388957

Cited by 5 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mersenne primes are used in cryptography (see, e.g., [8,[20][21][22][23][24]). But to fix the ideas, only medium-sized Mersenne primes are used in cryptography.…”

Section: Resultsmentioning

confidence: 99%

Global Generalized Mersenne Numbers: Definition, Decomposition, and Generalized Theorems

Pletser

2024

Symmetry

View full text Add to dashboard Cite

A new generalized definition of Mersenne numbers is proposed of the form an−a−1n, called global generalized Mersenne numbers and noted GMa,n with base a and exponent n positive integers. The properties are investigated for prime n and several theorems on Mersenne numbers regarding their congruence properties are generalized and demonstrated. It is found that for any a, GMa,n−1 is even and divisible by n, a and a−1 for any prime n>2, and by aa−1+1 for any prime n>5. The remaining factor is a function of triangular numbers of a−1, specific for each prime n. Four theorems on Mersenne numbers are generalized and four new theorems are demonstrated, showing first that GMa,n≡1or7mod12 depending on the congruence of amod4; second, that GMa,n−1 are divisible by 10 if n≡1mod4 and, if n≡3mod4, GMa,n≡1or7or9mod10, depending on the congruence of amod5; third, that all factors ci of GMa,n are of the form 2nfi+1 such that ci is either prime or the product of primes of the form 2nj+1, with fi,j natural integers; fourth, that for prime n>2, all GMa,n are periodically congruent to ±1or±3mod8 depending on the congruence of amod8; and fifth, that the factors of a composite GMa,n are of the form 2nfi+1 with fi≡umod4 with u=0, 1, 2 or 3 depending on the congruences of nmod4 and of amod8. The potential use of generalized Mersenne primes in cryptography is shortly addressed.

show abstract

“…Mersenne primes are used in cryptography (see, e.g., [8,[20][21][22][23][24]). But to fix the ideas, only medium-sized Mersenne primes are used in cryptography.…”

Section: Resultsmentioning

confidence: 99%

Global Generalized Mersenne Numbers: Definition, Decomposition, and Generalized Theorems

Pletser

2024

Symmetry

View full text Add to dashboard Cite

show abstract

“…Mersenne primes are used in cryptography (see, e.g., [31], [1,3,7,18], [32]). But to fix the ideas, only medium-sized Mersenne primes are used in cryptography.…”

Section: Resultsmentioning

confidence: 99%

Global Generalized Mersenne Numbers: Definition, Decomposition, and Generalized Theorems

Pletser

2024

Preprint

View full text Add to dashboard Cite

A new generalized definition of Mersenne numbers is proposed of the form (a^n - (a-1)^n), called Global Generalized Mersenne numbers, or simply Generalized Mersenne numbers and noted GM_{a,n} where a is the base and n is the exponent, both being positive integers. The properties are investigated for prime exponents n and several theorems on Mersenne numbers regarding their congruence properties are generalized and demonstrated. In particular, it is found that, for any base a, Generalized Mersenne numbers are in general such that (GM_{a,n} - 1) are even and divisible by n, a and (a-1) for any odd prime exponent n and by (a(a-1)+1) for any prime exponent n > 5. The remaining factor is a function of triangular numbers of (a-1), specific to each prime exponent n. Four theorems on Mersenne numbers are generalized and four new theorems are demonstrated, allowing to show first, that (GM_{a,n} - 1) are divisible by 6, and more precisely GM_{a,n} are congruent to 1(mod 12) or 7(mod 12) depending on the congruence of the base a(mod 4); second, that (GM_{a,n} - 1) are divisible by 10 if n == 1(mod 4) and, if n == 3(mod 4), GM_{a,n} == 1(mod 10), or 7(mod 10) or 9(mod 10) depending on the congruence of the base a(mod 5); third, that all factors c_{i} of GM_{a,n} are of the form (2nf_{i}+1) with f_{i} natural integers such that c_{i} is prime itself or the product of primes of the form (2nj+1) with j natural integer; fourth, that for odd prime exponents n, all GM_{a,n} are periodically congruent to either +/-1\(mod 8) or +/-3(mod 8) depending on the congruence of the base a(mod 8); and fifth, that the factors of a composite GM_{a,n} is of the form (2nf_{i}+1) with f_{i} == u(mod 4) and u being either 0, 1, 2 or 3 depending on the congruence of the exponent n(mod 4) and on the congruence of the base a(mod 8). The potential use of Generalized Mersenne primes in cryptography is shortly addressed.

show abstract

“…• Mersenne number based schemes typically admit a low probability of decryption failure that can be exploited to gain information about secret keys [63]. • Group-based ciphers have been proposed, however, large expansion of encrypted data [42] and attacks on promising group-based NIST candidates like WalnutDSA [43] make group based knapsack ciphers unsuitable postquantum cryptographic candidates.…”

Section: ) Other Classical Cryptographic Systemsmentioning

confidence: 99%