How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves

Marc Joye, Jean Jacques Quisquater, Tsuyoshi Takagi

Research output: Contribution to journalArticlepeer-review

7 Citations (Scopus)


Recently, and contrary to the common belief, Rivest and Silverman argued that the use of strong primes is unnecessary in the RSA cryptosystem. This paper analyzes how valid this assertion is for RSA-type cryptosystems over elliptic curves. The analysis is more difficult because the underlying groups are not always cyclic. Previous papers suggested the use of strong primes in order to prevent factoring attacks and cycling attacks. In this paper, we only focus on cycling attacks because for both RSA and its elliptic curve-based analogues, the length of the RSA-modulus n is typically the same. Therefore, a factoring attack will succeed with equal probability against all RSA-type cryptosystems. We also prove that cycling attacks reduce to find fixed points, and derive a factorization algorithm which (most probably) completely breaks RSA-type systems over elliptic curves if a fixed point is found.

Original languageEnglish
Pages (from-to)297-316
Number of pages20
JournalDesigns, Codes, and Cryptography
Issue number3
Publication statusPublished - Aug 2001
Externally publishedYes

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Applied Mathematics
  • Discrete Mathematics and Combinatorics
  • Computer Science Applications


Dive into the research topics of 'How to Choose Secret Parameters for RSA-Type Cryptosystems over Elliptic Curves'. Together they form a unique fingerprint.

Cite this