Small primitive roots and malleability of RSA moduli


Abstract in English

In a paper of P. Paillier and J. Villar a conjecture is made about the malleability of an RSA modulus. In this paper we present an explicit algorithm refuting the conjecture. Concretely we can factorize an RSA modulus n using very little information on the factorization of a concrete n coprime to n. However, we believe the conjecture might be true, when imposing some extra conditions on the auxiliary n allowed to be used. In particular, the paper shows how subtle the notion of malleability is.

Download