Cryptanalytic results on ‘Dual CRT’ and ‘Common Prime’ RSA

In this paper we study weaknesses of two variants of RSA: Dual RSA and Common Prime RSA. Several schemes under the framework of Dual RSA have been proposed by Sun et al. (IEEE Trans Inf Theory 53(8):2922–2933, 2007). We here concentrate on the Dual CRT-RSA scheme and present certain range of parameters where it is insecure. As a corollary of our work, we prove that the Dual Generalized Rebalanced-RSA (Scheme III of Sun et al.) can be efficiently broken for a significant region where the scheme has been claimed to be secure. Next we consider the Common Prime RSA as proposed by Wiener (IEEE Trans. Inf. Theory 36:553–558, 1990). We present new range of parameters in Common Prime RSA where it is not secure. We use lattice based techniques for the attacks.

[1]  Dan Boneh,et al.  Exposing an RSA Private Key Given a Small Fraction of its Bits , 1998 .

[2]  Charles C. Y. Lam,et al.  On the security of some variants of rsa , 2007 .

[3]  Alexander May,et al.  Cryptanalysis of Unbalanced RSA with Small CRT-Exponent , 2002, CRYPTO.

[4]  A. K. Lenstra,et al.  The Development of the Number Field Sieve , 1993 .

[5]  Carl Pomerance,et al.  The Development of the Number Field Sieve , 1994 .

[6]  Don Coppersmith,et al.  Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities , 1997, Journal of Cryptology.

[7]  D. Boneh Cryptanalysis of RSA with Private Key d Less Than N 0 , 1999 .

[8]  Alexander May,et al.  A Polynomial Time Attack on RSA with Private CRT-Exponents Smaller Than N 0.073 , 2007, CRYPTO.

[9]  M. Jason Hinek,et al.  Another Look at Small RSA Exponents , 2006, CT-RSA.

[10]  Alexander May,et al.  New Attacks on RSA with Small Secret CRT-Exponents , 2006, Public Key Cryptography.

[11]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[12]  J. Quisquater,et al.  Fast decipherment algorithm for RSA public-key cryptosystem , 1982 .

[13]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[14]  Michael J. Wiener,et al.  Cryptanalysis of Short RSA Secret Exponents (Abstract) , 1990, EUROCRYPT.

[15]  Steven D. Galbraith,et al.  Tunable Balancing of RSA , 2005, ACISP.

[16]  Hung-Min Sun,et al.  Dual RSA and Its Security Analysis , 2007, IEEE Transactions on Information Theory.

[17]  Alexander May,et al.  A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants , 2006, ASIACRYPT.

[18]  Nick Howgrave-Graham,et al.  Finding Small Roots of Univariate Modular Equations Revisited , 1997, IMACC.

[19]  M. Hinek Cryptanalysis of RSA and Its Variants , 2009 .

[20]  Maike Ritzenhofen,et al.  On efficiently calculating small solutions of systems of polynomial equations: lattice-based methods and applications to cryptography , 2010 .

[21]  Chae Hoon Lim,et al.  Security and Performance of Server-Aided RSA Computation Protocols , 1995, CRYPTO.

[22]  Dan Boneh,et al.  An Attack on RSA Given a Small Fraction of the Private Key Bits , 1998, ASIACRYPT.