Small secret exponent attack on RSA variant with modulus N=prq
نویسنده
چکیده
We consider an RSA variant with Modulus N = p2q. This variant is known as Prime Power RSA. In PKC 2004 May proved when decryption exponent d < N0.22, one can factor N in polynomial time. In this paper, we improve this bound upto N0.395. We provide detailed experimental results to justify our claim.
منابع مشابه
Secret Exponent Attacks on RSA-type Schemes with Moduli N= prq
We consider RSA-type schemes with modulus N = pq for r ≥ 2. We present two new attacks for small secret exponent d. Both approaches are applications of Coppersmith’s method for solving modular univariate polynomial equations [5]. From these new attacks we directly derive partial key exposure attacks, i.e. attacks when the secret exponent is not necessarily small but when a fraction of the secre...
متن کاملOn the Design of RSA with Short Secret Exponent
Based on continued fractions Wiener showed that a typical RSA system can be totally broken if its secret exponent d < 25 . 0 N where N is the RSA modulus. Recently, based on lattice basis reduction, Boneh and Durfee presented a new short secret exponent attack which improves Wiener’s bound up to d < 292 . 0 N . In this paper we show that it is possible to use a short secret exponent which is lo...
متن کاملNew Attacks on RSA with Small Secret CRT-Exponents
It is well-known that there is an efficient method for decrypting/signing with RSA when the secret exponent d is small modulo p− 1 and q − 1. We call such an exponent d a small CRT-exponent. It is one of the major open problems in attacking RSA whether there exists a polynomial time attack for small CRT-exponents, i.e. a result that can be considered as an equivalent to the Wiener and Boneh-Dur...
متن کاملCryptanalysis of short RSA secret exponents
A cryptanalytic attack on the use of short RSA secret exponents is described. This attack makes use of an algorithm based on continued fractions which finds the numerator and denominator of a fraction in polynomial time when a close enough estimate of the fraction is known. The public exponent e and the modulus pq can be used to create an estimate of a fraction which involves the secret exponen...
متن کاملCommon modulus attacks on small private exponent RSA and some fast variants (in practice)
In this work we re-examine two common modulus attacks on RSA. First, we show that Guo’s continued fraction attack works much better in practice than previously expected. Given three instances of RSA with a common modulus N and private exponents each smaller than N the attack can factor the modulus about 93% of the time in practice. The success rate of the attack can be increased up to almost 10...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Des. Codes Cryptography
دوره 73 شماره
صفحات -
تاریخ انتشار 2014