A New Related Message Attack on RSA

Authors

  • Oded Yacobi
  • Yacov Yacobi
Abstract

Coppersmith, Franklin, Patarin, and Reiter have shown that given two RSA cryptograms $x^e \bmod N$ and $(ax + b)^e \bmod N$ for any known constants $a, b \in \mathbb{Z}_N$ one can compute $x$ in $O(e \log e)$ $\mathbb{Z}_N$-operations with some positive error probability. We show that given $e$ cryptograms $c_i \equiv (ax + b \cdot i)^e \bmod N$, $i = 0, 1, \ldots, e-1$, for any known constants $a, b \in \mathbb{Z}_N$, where $\gcd(a, N) = \gcd(b, N) = \gcd(e!, N) = 1$, one can deterministically compute $x$ in $O(e)$ $\mathbb{Z}_N$-operations using


Similar resources

A new and optimal chosen-message attack on RSA-type cryptosystems

Chosen-message attack on RSA is usually considered as an inherent property of its homomorphic structure. In this paper, we show that nonhomomorphic RSA-type cryptosystems are also susceptible to a chosen-message attack. In particular, we prove that only one message is needed to mount a successful chosen-message attack against the Lucas-based systems and Demytko’s elliptic curve system.


Manger's Attack Revisited

In this work we examine a number of different open source implementations of the RSA Optimal Asymmetric Encryption Padding (OAEP) and generally RSA with respect to the message-aimed timing attack introduced by James Manger in CRYPTO 2001. We show the shortcomings concerning the countermeasures in two libraries for personal computers, and address potential flaws in previously proposed countermea...


On the Multiple Fault Attacks on RSA Signatures with LSBs of Messages Unknown

In CHES 2009, Coron, Joux, Kizhvatov, Naccache and Paillier (CJKNP) introduced a fault attack on RSA signatures with partially unknown messages. They factored RSA modulus N using a single faulty signature and increased the bound of unknown messages by multiple fault attack; however, the complexity of the multiple fault attack is exponential in the number of faulty signatures. At RSA 2010, it was impro...


Lattice Reduction on Low-Exponent RSA

Coppersmith’s algorithm relies on a simple flaw in the RSA algorithm when messages are small compared to the public number N. Consider a message x encrypted with exponent e = 3 using modulus N for the public key where $a < \sqrt[3]{N}$. Then the encryption z of x can be decrypted simply by taking the cube root, because the x operation never rotated x over the modulus N. This is a highly specific cas...


An Equidistant Message Power Attack Using Restricted Number of Traces on Reduction Algorithm

The RSA-CRT algorithm has been widely used for the efficiency of its exponent operation. Research has been announced about the physical susceptibility of RSA-CRT from various side channel attacks. Among them, Boer et al. proposed a brilliant differential power analysis (DPA) of CRT reduction with equidistant chosen messages that is called MRED (Modular reduction on Equidistant Data). This attac...


Defeating RSA Multiply-Always and Message Blinding Countermeasures

We introduce a new correlation power attack on RSA's modular exponentiation implementations, defeating both message blinding and multiply-always countermeasures. We analyze the correlation between power measurements of two consecutive modular operations, and use this to efficiently recover individual key bits. Based upon simulation and practical application on a state-of-the-art smart card we sho...



Publication date: 2005