Abstract
This paper presents our investigation of the implicit factorization problem, where unknown prime factors of two RSA moduli share a certain number of middle bits. The problem is described as follows. Let N1 = p1q1, N2 = p2q2 be two different n-bit RSA moduli, where q1, q2 are both αn-bit prime integers. Suppose that p1, p2 share tn bits at positions from t1n to t2n = (t1 + t)n. Then this problem focuses on the condition about t, α to factor N1,N2 efficiently. At PKC 2010, Faugère et al. showed that N1,N2 can be factored when t> 4α. Subsequently, in 2015, Peng et al. improved this bound to t> 4α−3α2. In this paper, we directly apply Coppersmith’s method to the implicit factorization problem with shared middle bits, and a better bound \(t > 4\alpha - 4{\alpha ^{\frac{3}{2}}}\) is obtained. The correctness of our approach is verified by experiments.
