A New Method of Constructing a Lattice Basis and Its Applications to Cryptanalyse Short Exponent RSA
نویسندگان
چکیده
We provide a new method of constructing an optimal lattice. Applying our method to the cryptanalysis of the short exponent RSA, we obtain our results which extend Boneh and Durfee’s work. Our attack methods are based on a generalization to multivariate modular polynomial equation. The results illustrate the fact that one should be careful when using RSA key generation process with special parameters.
منابع مشابه
On the Design of RSA with Short Secret Exponent
Based on continued fractions Wiener showed that a typical RSA system can be totally broken if its secret exponent d < 25 . 0 N where N is the RSA modulus. Recently, based on lattice basis reduction, Boneh and Durfee presented a new short secret exponent attack which improves Wiener’s bound up to d < 292 . 0 N . In this paper we show that it is possible to use a short secret exponent which is lo...
متن کاملNew Partial Key Exposure Attacks on RSA Revisited
At CRYPTO 2003, Blömer and May presented new partial key exposure attacks against RSA. These were the first known polynomial-time partial key exposure attacks against RSA with public exponent e > N . Attacks for known most significant bits and known least significant bits were presented. In this work, we extend their attacks to multi-prime RSA. For r-prime RSA, these result in the first known p...
متن کاملCryptanalysis of Short Exponent RSA with Primes Sharing Least Significant Bits
LSBS-RSA denotes an RSA system with modulus primes, p and q, sharing a large number of least signi cant bits. In ISC 2007, Zhao and Qi analyzed the security of short exponent LSBS-RSA. They claimed that short exponent LSBS-RSA is much more vulnerable to the lattice attack than the standard RSA. In this paper, we point out that there exist some errors in the calculation of Zhao & Qis attack. Af...
متن کاملLattice based Attacks on Small Private Exponent RSA: A Survey
Lattice basis reduction algorithms have contributed a lot to cryptanalysis of RSA crypto system. With coppersmith’s theory of polynomials, these algorithms are searching for the weak instances of Number-theoretic cryptography, mainly RSA. In this paper we present several lattice based attacks on low private exponent of RSA.
متن کاملMinkowski sum based lattice construction for solving simultaneous modular equations and applications to RSA
We investigate a lattice construction method for the Coppersmith technique for finding small solu-tions of a modular equation. We consider its variant for simultaneous equations and propose a methodto construct a lattice by combining lattices for solving single equations. As applications, we consider(i) a new RSA cryptanalysis for multiple short secret exponents, (ii) its partial ke...
متن کامل