Using RSA with low exponent in a public network
نویسندگان
چکیده
WEI-HUA HE, TZONG-CHEN WU AND CHIH-YIN LIN Department of Information Management Chaoyang University of Technology Taichung, 413 Taiwan E-mail: [email protected] Department of Information Management National Taiwan University of Science and Technology Taipei, 106 Taiwan E-mail: [email protected] Institute of Information Management National Chiao Tung University Hsinchu, 300 Taiwan E-mail: [email protected]
منابع مشابه
Low-Exponent RSA with Related Messages
In this paper we present a new class of attacks against RSA with low encrypting exponent. The attacks enable the recovery of plaintext messages from their ciphertexts and a known polynomial relationship among the messages, provided that the ciphertexts were created using the same RSA public key with low encrypting exponent.
متن کاملCryptanalysis of Multi Prime RSA with Secret Key Greater than Public Key
The efficiency of decryption process of Multi prime RSA, in which the modulus contains more than two primes, can be speeded up using Chinese remainder theorem (CRT). On the other hand, to achieve the same level of security in terms integer factorization problem the length of RSA modulus must be larger than the traditional RSA case. In [9], authors studied the RSA public key cryptosystem in a sp...
متن کاملThe Effectiveness of Lattice Attacks Against Low-Exponent RSA
At Eurocrypt ’96, Coppersmith presented a novel application of lattice reduction to find small roots of a univariate modular polynomial equation. This led to rigorous polynomial attacks against RSA with low public exponent, in some particular settings such as encryption of stereotyped messages, random padding, or broadcast applications à la Hast̊ad. Theoretically, these are the most powerful kno...
متن کاملAn Attack on RSA Using LSBs of Multiples of the Prime Factors
Let N = pq be an RSA modulus with a public exponent e and a private exponent d. Wiener’s famous attack on RSA with d < N and its extension by Boneh and Durfee to d < N show that using a small d makes RSA completely insecure. However, for larger d, it is known that RSA can be broken in polynomial time under special conditions. For example, various partial key exposure attacks on RSA and some att...
متن کاملVariants of Bleichenbacher's Low-Exponent Attack on PKCS#1 RSA Signatures
We give three variants and improvements of Bleichenbacher’s low-exponent attack from CRYPTO 2006 on PKCS#1 v1.5 RSA signatures. For each of these three variants the fake signature representatives are accepted as valid by a flawed implementation. Our attacks work against much shorter keys as Bleichenbacher’s original attack, i.e. even for usual 1024 bit RSA keys. The first two variants can be us...
متن کاملShort-Exponent RSA
In some applications, a short private exponent d is chosen to improve the decryption or signing process for RSA public key cryptosystem. However, in a typical RSA, if the private exponent d is selected first, the public exponent e should be of the same order of magnitude as φ(N). Sun et al. devised three RSA variants using unbalanced prime factors p and q to lower the computational cost. Unfort...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- J. Inf. Sci. Eng.
دوره 18 شماره
صفحات -
تاریخ انتشار 1998