Cryptanalysis of RSA with Private Key d Less than N0.292
نویسندگان
چکیده
We show that if the private exponent d used in the RSA public-key cryptosystem is less than N then the system is insecure. This is the first improvement over an old result of Wiener showing that when d < N the RSA system is insecure. We hope our approach can be used to eventually improve the bound to d < N.
منابع مشابه
Cryptanalysis of RSA with constrained keys
Let n = pq be an RSA modulus with unknown prime factors of equal bit-size. Let e be the public exponent and d be the secret exponent satisfying ed ≡ 1 (mod φ(n)) where φ(n) is the Euler totient function. To reduce the decryption time or the signature generation time, one might be tempted to use a small private exponent d. Unfortunately, in 1990, Wiener showed that private exponents smaller than...
متن کاملCryptanalysis of RSA with Small Prime Difference using Unravelled Linearization
R. Rivest, A. Shamir and L. Adleman," A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, vol. 21, No. 2, pp. 120-126,1978. Wiener, M. : Cryptanalysis of short RSA secret exponents, IEEE Transactions on Information Theory 36, 553-558 (1990). Boneh, D. , Durfee, G. : Cryptanalysis of RSA with Private Key d Less Than N^0. 292, Advances in ...
متن کاملPartial Key Exposure Attacks on Rsa and Its Variant by Guessing a Few Bits of One of the Prime Factors
Consider RSA with N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. We first study cryptanalysis of RSA when certain amount of the Most Significant Bits (MSBs) or Least Significant Bits (LSBs) of d is known. The basic lattice based technique is similar to that of Ernst et al. in Eurocrypt 2005. However, our idea of guessing a few MSBs of the secret prime p subs...
متن کاملPartial Key Exposure Attack on RSA - Improvements for Limited Lattice Dimensions
Consider the RSA public key cryptosystem with the parameters N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. In this paper, cryptanalysis of RSA is studied given that some amount of the Most Significant Bits (MSBs) of d is exposed. In Eurocrypt 2005, a lattice based attack on this problem was proposed by Ernst, Jochemsz, May and de Weger. In this paper, we pr...
متن کاملPerformance Analysis of Countermeasures against Timing Attack in RSA Algorithm
Public key cryptography is based on two keys, in which decryption key is private key. Among the different cryptanalytic attacks, timing attack is one of the possible attacks on RSA that determines bits of private key. This is done by determining time for each iteration in computing modular exponentiation. There are different mechanisms to counter such attack. Among them, blinding method and ran...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IEEE Trans. Information Theory
دوره 46 شماره
صفحات -
تاریخ انتشار 1999