Cryptanalysis of RSA with Small Prime Difference using Unravelled Linearization
Authors
Abstract
R. Rivest, A. Shamir and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, vol. 21, no. 2, pp. 120-126, 1978.
Wiener, M.: Cryptanalysis of short RSA secret exponents, IEEE Transactions on Information Theory 36, 553-558 (1990).
Boneh, D., Durfee, G.: Cryptanalysis of RSA with Private Key d Less Than N^0.292, Advances in Cryptology-EUROCRYPT99, Lecture Notes in Computer Science 1592, Berlin:
Similar resources
Cryptanalysis of RSA with Small Prime Difference using Unravelled Linearization
In 2002, de Weger showed that choosing an RSA modulus with a small difference of primes improves the attack given by Boneh-Durfee. For this attack, de Weger used the complicated geometrical progressive matrices, introduced by Boneh-Durfee. In this paper, we analyzed by using another technique called unravelled linearization.
Improved Factoring Attacks on Multi-prime RSA with Small Prime Difference
In this paper, we study the security of multi-prime RSA with small prime difference and propose two improved factoring attacks. The modulus involved in this variant is the product of r distinct prime factors of the same bit-size. Zhang and Takagi (ACISP 2013) showed a Fermat-like factoring attack on multi-prime RSA. In order to improve the previous result, we gather more information about the p...
Attacking Power Generators Using Unravelled Linearization: When Do We Output Too Much?
We look at iterated power generators $s_i = s_{i-1}^e \bmod N$ for a random seed $s_0 \in \mathbb{Z}_N$ that in each iteration output a certain amount of bits. We show that heuristically an output of $(1 - \frac{1}{e}) \log N$ most significant bits per iteration allows for efficient recovery of the whole sequence. This means in particular that the Blum-Blum-Shub generator should be used with an output of less than half of the b...
A Generalized Wiener Attack on RSA
We present an extension of Wiener's attack on small RSA secret decryption exponents [10]. Wiener showed that every RSA public key tuple $(N, e)$ with $e \in \mathbb{Z}^*_{\phi(N)}$ that satisfies $ed - 1 = 0 \bmod \phi(N)$ for some $d < \frac{1}{3} N^{1/4}$ yields the factorization of $N = pq$. Our new method finds $p$ and $q$ in polynomial time for every $(N, e)$ satisfying $ex + y = 0 \bmod \phi(N)$ with $x < \frac{1}{3} N^{1/4}$ and $|y| = O(N^{-3/4} ex)$. In ot...