Short secret exponent attack on LSBS-RSA
نویسندگان
چکیده
LSBS-RSA is a variation of RSA cryptosystem with modulus primes p, q, sharing a large number of least significant bits. As original RSA, LSBS-RSA is also vulnerable to the short secret exponent attack. Sun et al. [15] studied this problem and they provided the bound for secret exponent as: 2 2 5 4 3 1 6 1 3 6 3 2 2 6 γ β α α γ α − < + − + − − . Their bound does not reduce to the optimal bound 0.292 for original RSA, which is provided by Boneh-Durfee. In this paper, we achieve the bound 1 2 2 γ β αγ < − − which reduces to the Boneh-Durfee optimal bound. Keyword: Lattice reduction, unravelled linearization, LSBS-RSA. Received March 7, 2013; accepted June 9, 2014; published online August 9, 2015
منابع مشابه
Cryptanalysis of Short Exponent RSA with Primes Sharing Least Significant Bits
LSBS-RSA denotes an RSA system with modulus primes, p and q, sharing a large number of least signi cant bits. In ISC 2007, Zhao and Qi analyzed the security of short exponent LSBS-RSA. They claimed that short exponent LSBS-RSA is much more vulnerable to the lattice attack than the standard RSA. In this paper, we point out that there exist some errors in the calculation of Zhao & Qis attack. Af...
متن کاملPartial Key Exposure Attacks on Rsa and Its Variant by Guessing a Few Bits of One of the Prime Factors
Consider RSA with N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. We first study cryptanalysis of RSA when certain amount of the Most Significant Bits (MSBs) or Least Significant Bits (LSBs) of d is known. The basic lattice based technique is similar to that of Ernst et al. in Eurocrypt 2005. However, our idea of guessing a few MSBs of the secret prime p subs...
متن کاملOn the Improvement of the BDF Attack on LSBS-RSA
An (α, β, γ)-LSBS RSA denotes an RSA system with primes sharing α least significant bits, private exponent d with β least significant bits leaked, and public exponent e with bit-length γ. Steinfeld and Zheng showed that LSBS-RSA with small e is inherently resistant to the BDF attack, but LSBS-RSA with large e is more vulnerable than standard RSA. In this paper, we improve the BDF attack on LSBS...
متن کاملCryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt '99
At Asiacrypt ’99, Sun, Yang and Laih proposed three RSA variants with short secret exponent that resisted all known attacks, including the recent Boneh-Durfee attack from Eurocrypt ’99 that improved Wiener’s attack on RSA with short secret exponent. The resistance comes from the use of unbalanced primes p and q. In this paper, we extend the Boneh-Durfee attack to break two out of the three prop...
متن کاملAn Attack on RSA Using LSBs of Multiples of the Prime Factors
Let N = pq be an RSA modulus with a public exponent e and a private exponent d. Wiener’s famous attack on RSA with d < N and its extension by Boneh and Durfee to d < N show that using a small d makes RSA completely insecure. However, for larger d, it is known that RSA can be broken in polynomial time under special conditions. For example, various partial key exposure attacks on RSA and some att...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Int. Arab J. Inf. Technol.
دوره 12 شماره
صفحات -
تاریخ انتشار 2015