Estimating the Prime-Factors of an RSA Modulus and an Extension of the Wiener Attack
Authors
Abstract
In the RSA system, a balanced modulus N denotes a product of two large prime numbers p and q, where q < p < 2q. Since integer factorization is difficult, p and q are simply estimated as √N. In the Wiener attack, 2√N is adopted as the estimate of p + q in order to raise the security boundary of the private exponent d. This work proposes a novel approach, called EPF, to determine the appropriate prime factors of N. The estimated values are called "EPFs of N", and are denoted as pE and qE. Thus pE and qE can be adopted to estimate p + q more accurately than by simply adopting 2√N. In addition, we show that Verheul and Tilborg's extension of the Wiener attack can be considered to be brute-guessing for the MSBs of p + q. Compared with their work, EPF can extend the Wiener attack to reduce the cost of exhaustive searching for 2r + 8 bits down to 2r − 10 bits, where r depends on N and the private key d. The security boundary of the private exponent d can be raised 9 bits again over Verheul and Tilborg's result.
Similar resources
New Attacks on RSA with Small Secret CRT-Exponents
It is well-known that there is an efficient method for decrypting/signing with RSA when the secret exponent d is small modulo p − 1 and q − 1. We call such an exponent d a small CRT-exponent. It is one of the major open problems in attacking RSA whether there exists a polynomial time attack for small CRT-exponents, i.e. a result that can be considered as an equivalent to the Wiener and Boneh-Dur...
A New Attack on Three Variants of the RSA Cryptosystem
In 1995, Kuwakado, Koyama and Tsuruoka presented a new RSA-type scheme based on singular cubic curves y^2 ≡ x^3 + bx^2 (mod N) where N = pq is an RSA modulus. Then, in 2002, Elkamchouchi, Elshenawy and Shaban introduced an extension of the RSA scheme to the field of Gaussian integers using a modulus N = PQ where P and Q are Gaussian primes such that p = |P| and q = |Q| are ordinary primes. Later, in...
A generalized attack on RSA type cryptosystems
Let N = pq be an RSA modulus with unknown factorization. Some variants of the RSA cryptosystem, such as LUC, RSA with Gaussian primes and RSA type schemes based on singular elliptic curves use a public key e and a private key d satisfying an equation of the form ed − k(p − 1)(q − 1) = 1. In this paper, we consider the general equation ex − (p − 1)(q − 1)y = z and present a new attack...
An algorithm to obtain an RSA modulus with a large private key
Sufficient conditions are obtained on the prime factors of an RSA modulus in order to avoid Wiener and Boneh-Durfee attacks. The public exponent can be chosen arbitrarily.
On the Improvement of Wiener Attack on RSA with Small Private Exponent
The RSA system is based on the hardness of the integer factorization problem (IFP). Given an RSA modulus N = pq, it is difficult to determine the prime factors p and q efficiently. One of the most famous short exponent attacks on RSA is the Wiener attack. In 1997, Verheul and van Tilborg used an exhaustive search to extend the boundary of the Wiener attack. Their result shows that the cost of exhaus...