Breaking Public Keys - How to Determine an Unknown RSA Public Modulus
نویسنده
چکیده
Not surprisingly, the common use of any public key crypto system involves publishing the public key and keeping the private key secret. There are however a few applications where both the private and public key are kept secret, thereby effectively converting a public key crypto algorithm to a symmetric algorithm. We show that if the RSA cryptosystem is used in such a symmetric application, it is possible to determine the public RSA modulus if the public exponent is known and short, such as 3 or F4=65537, and two or more plaintext/ciphertext (or, if RSA is used for signing, signed value/signature) pairs are known.
منابع مشابه
A New Vulnerable Class of Exponents in RSA
Let N = pq be an RSA modulus, i.e. the product of two large unknown primes of equal bit-size. We consider the class of the public exponents satisfying an equation eX − NY = (ap + bq)Z with 0 < a < q, b = [ ap q ] (here [x] denotes the nearest integer to x) and |XZ| < N 2(ap + bq) , and all prime factors of |Z| are less than 10. Using the continued fraction algorithm and the Elliptic Curve Metho...
متن کاملOn the Security of a Modified Paillier Public-Key Primitive
Choi et al. proposed the modified Paillier cryptosystem (M-Paillier cryptosystem). They use a special public-key g ∈ ZZ/nZZ such that gφ(n) = 1 + n mod n2, where n is the RSA modulus. The distribution of the public key g is different from that of the original one. In this paper, we study the security of the usage of the public key. Firstly, we prove that the one-wayness of the M-Paillier crypto...
متن کاملFault Attacks on RSA Public Keys: Left-To-Right Implementations Are Also Vulnerable
After attacking the RSA by injecting fault and corresponding countermeasures, works appear now about the need for protecting RSA public elements against fault attacks. We provide here an extension of a recent attack [BCG08] based on the public modulus corruption. The difficulty to decompose the ”Left-To-Right” exponentiation into partial multiplications is overcome by modifying the public modul...
متن کاملExperimenting with Shared Generation of RSA Keys
We describe an implementation of a distributed algorithm to generate a shared RSA key. At the end of the computation, an RSA modulus N = pq is publicly known. All servers involved in the computation are convinced that N is a product of two large primes, however none of them know the factorization of N . In addition, a public encryption exponent is publicly known and each server holds a share of...
متن کاملApplication of ECM to a Class of RSA keys
Let N = pq be an RSA modulus where p, q are large primes of the same bitsize and φ(N) = (p − 1)(q − 1). We study the class of the public exponents e for which there exist integers X, Y , Z satisfying
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2012 شماره
صفحات -
تاریخ انتشار 2012