• Received : 2012.06.26
  • Published : 2014.09.30


In this paper, we analyze the security of the KMOV public key cryptosystem. KMOV is based on elliptic curves over the ring $\mathbb{Z}_n$ where n = pq is the product of two large unknown primes of equal bit-size. We consider KMOV with a public key (n, e) where the exponent e satisfies an equation ex-(p+1)(q+1)y = z, with unknown parameters x, y, z. Using Diophantine approximations and lattice reduction techniques, we show that KMOV is insecure when x, y, z are suitably small.


  1. J. Blomer and A. May, A generalized Wiener attack on RSA, In Public Key Cryptography-PKC 2004, volume 2947 of Lecture Notes in Computer Science, pp. 1-13. Springer-Verlag, 2004.
  2. D. Boneh, Twenty years of attacks on the RSA cryptosystem, Notices Amer. Math. Soc. 46 (1999), no. 2, 203-213.
  3. D. Coppersmith, Small solutions to polynomial equations, and low exponent RSA vul-nerabilities, J. Cryptology 10 (1997), no. 4, 233-260.
  4. G. H. Hardy and E. M. Wright, An Introduction to the Theory of Numbers, Oxford University Press, London, 1975.
  5. M. J. Hinek, Cryptanalysis of RSA and its Variants, Chapman & Hall/CRC Cryptography and Network Security, CRC Press, Boca Raton, FL, 2010.
  6. B. Ibrahimpasic, Cryptanalysis of KMOV cryptosystem with short secret exponent, Central European Conference on Information and Intelligent Systems, CECIIS, 2008.
  7. K. Koyama, U. M. Maurer, T. Okamoto, and S. A. Vanstone, New public-key schemes based on elliptic curves over the ring $\mathbb{Z}_n$, Advances in Cryptology - Crypto'91, Lecture Notes in Computer Science, Vol. 576, 252-266, Springer-Verlag, 1991.
  8. R. G. E. Pinch, Extending the Wiener attack to RSA-type cryptosystems, Electronics Letters 31 (1995), 1736-1738.
  9. R. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Comm. ACM 21 (1978), no. 2, 120-126.
  10. J. H. Silverman, The Arithmetic of Elliptic Curves, Springer-Verlag, GTM 106, 1986; Expanded 2nd Edition, 2009.
  11. M. Wiener, Cryptanalysis of short RSA secret exponents, IEEE Trans. Inform. Theory 36 (1990), no. 3, 553-558.

Cited by

  1. A new generalization of the KMOV cryptosystem 2017,