A generalized attack on RSA type cryptosystems

Abstract Let N = p q be an RSA modulus with unknown factorization. Some variants of the RSA cryptosystem, such as LUC, RSA with Gaussian primes and RSA type schemes based on singular elliptic curves use a public key e and a private key d satisfying an equation of the form e d − k ( p 2 − 1 ) ( q 2 − 1 ) = 1 . In this paper, we consider the general equation e x − ( p 2 − 1 ) ( q 2 − 1 ) y = z and present a new attack that finds the prime factors p and q in the case that x , y and z satisfy a specific condition. The attack combines the continued fraction algorithm and Coppersmith's technique and can be seen as a generalization of the attacks of Wiener and Blomer–May on RSA.

[1]  Johannes Blömer,et al.  A Generalized Wiener Attack on RSA , 2004, Public Key Cryptography.

[2]  Tsuyoshi Takagi,et al.  A New Public-Key Cryptosystem over a Quadratic Order with Quadratic Decryption Time , 2000, Journal of Cryptology.

[3]  Don Coppersmith,et al.  Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities , 1997, Journal of Cryptology.

[4]  Willy Susilo,et al.  A New Attack on Three Variants of the RSA Cryptosystem , 2016, ACISP.

[5]  Bernadin Ibrahimpašić A cryptanalytic attack on the LUC cryptosystem using continued fractions , 2009 .

[6]  Dan Boneh,et al.  Cryptanalysis of RSA with private key d less than N0.292 , 1999, IEEE Trans. Inf. Theory.

[7]  Michael J. Wiener,et al.  Cryptanalysis of Short RSA Secret Exponents (Abstract) , 1990, EUROCRYPT.

[8]  G. Hardy,et al.  An Introduction to the Theory of Numbers , 1938 .

[9]  M. Hinek Cryptanalysis of RSA and Its Variants , 2009 .

[10]  Dan Boneh,et al.  TWENTY YEARS OF ATTACKS ON THE RSA CRYPTOSYSTEM , 1999 .

[11]  Tsuyoshi Takagi,et al.  Fast RSA-Type Cryptosystem Modulo pkq , 1998, CRYPTO.

[12]  Benne de Weger,et al.  Cryptanalysis of RSA with Small Prime Difference , 2002, Applicable Algebra in Engineering, Communication and Computing.

[13]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[14]  Hidenori Kuwakado,et al.  A New RSA-Type Scheme Based on Singular Cubic Curves y^2≡x^3+bx^2 (mod n) , 1995 .

[15]  Johan Håstad,et al.  Solving Simultaneous Modular Equations of Low Degree , 1988, SIAM J. Comput..

[16]  Tatsuaki Okamoto,et al.  New Public-Key Schemes Based on Elliptic Curves over the Ring Zn , 1991, CRYPTO.

[17]  Guilhem Castagnos An efficient probabilistic public-key cryptosystem over quadratic fields quotients , 2007, Finite Fields Their Appl..

[18]  Dan Boneh,et al.  Fast Variants of RSA , 2007 .

[19]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[20]  Peter J. Smith,et al.  LUC: A New Public Key System , 1993, SEC.

[21]  H. Elkamchouchi,et al.  Extended RSA cryptosystem and digital signature schemes in the domain of Gaussian integers , 2002, The 8th International Conference on Communication Systems, 2002. ICCS 2002..

[22]  Abderrahmane Nitaj,et al.  Another Generalization of Wiener's Attack on RSA , 2008, AFRICACRYPT.

[23]  Alexander May,et al.  New RSA vulnerabilities using lattice reduction methods , 2003 .