Inquiry About Polynomial Modification in Boneh-Durfee Implementation

[windyLiu0314]

Hello David,

I am a cryptography graduate student from China, and I have been exploring your implementation of the Boneh-Durfee attack. I find your work very insightful and helpful for my studies.

I have a question regarding the polynomial used in the implementation, specifically pol = 1 + x * (A + y). I understand that in RSA, the usual relation is e * d ≡ 1 (mod φ(N)). I'm curious about the effect of modifying this to e * (d - φ(N)) ≡ 1 (mod φ(N)), as theoretically, these should be equivalent modulo φ(N).

Could you please clarify the following:

If there would be any impacts or necessary adjustments in the codebase if the polynomial is modified to explicitly reflect e * (d - φ(N)).
Any insights you could provide would be very beneficial for my understanding and academic research.

Thank you very much for your time and for sharing your valuable work.

Best regards,
Windy

[KXAND]

可能我没有理解你的意思，而且我只是本科生，不过：

Boneh-Durfee 攻击的原理中模的不是e吗？而且phiN应该是未知的？所以对于式子k（A+s） == 1 mod e来说，你的式子只是等价于将k替换成k+e，二者同余？

[windyLiu0314]

感谢你的回复，我已经解决了这个问题，十分感谢你的帮助！