Cryptanalysis of RSA with Private Key d Less than N0.292

نویسندگان

  • Dan Boneh
  • Glenn Durfee
چکیده

We show that if the private exponent d used in the RSA public-key cryptosystem is less than N then the system is insecure. This is the first improvement over an old result of Wiener showing that when d < N the RSA system is insecure. We hope our approach can be used to eventually improve the bound to d < N.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Cryptanalysis of RSA with constrained keys

Let n = pq be an RSA modulus with unknown prime factors of equal bit-size. Let e be the public exponent and d be the secret exponent satisfying ed ≡ 1 (mod φ(n)) where φ(n) is the Euler totient function. To reduce the decryption time or the signature generation time, one might be tempted to use a small private exponent d. Unfortunately, in 1990, Wiener showed that private exponents smaller than...

متن کامل

Cryptanalysis of RSA with Small Prime Difference using Unravelled Linearization

R. Rivest, A. Shamir and L. Adleman,&quot; A Method for Obtaining Digital Signatures and Public-Key Cryptosystems&quot;, Communications of the ACM, vol. 21, No. 2, pp. 120-126,1978. Wiener, M. : Cryptanalysis of short RSA secret exponents, IEEE Transactions on Information Theory 36, 553-558 (1990). Boneh, D. , Durfee, G. : Cryptanalysis of RSA with Private Key d Less Than N^0. 292, Advances in ...

متن کامل

Partial Key Exposure Attacks on Rsa and Its Variant by Guessing a Few Bits of One of the Prime Factors

Consider RSA with N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. We first study cryptanalysis of RSA when certain amount of the Most Significant Bits (MSBs) or Least Significant Bits (LSBs) of d is known. The basic lattice based technique is similar to that of Ernst et al. in Eurocrypt 2005. However, our idea of guessing a few MSBs of the secret prime p subs...

متن کامل

Partial Key Exposure Attack on RSA - Improvements for Limited Lattice Dimensions

Consider the RSA public key cryptosystem with the parameters N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. In this paper, cryptanalysis of RSA is studied given that some amount of the Most Significant Bits (MSBs) of d is exposed. In Eurocrypt 2005, a lattice based attack on this problem was proposed by Ernst, Jochemsz, May and de Weger. In this paper, we pr...

متن کامل

Performance Analysis of Countermeasures against Timing Attack in RSA Algorithm

Public key cryptography is based on two keys, in which decryption key is private key. Among the different cryptanalytic attacks, timing attack is one of the possible attacks on RSA that determines bits of private key. This is done by determining time for each iteration in computing modular exponentiation. There are different mechanisms to counter such attack. Among them, blinding method and ran...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IEEE Trans. Information Theory

دوره 46  شماره 

صفحات  -

تاریخ انتشار 1999