Another Look at Small RSA Exponents

In this work we consider a variant of RSA whose public and private exponents can be chosen significantly smaller than in typical RSA. In particular, we show that it is possible to have private exponents smaller than N1/4 which are resistant to all known small private exponent attacks. This allows for instances of RSA with short CRT-exponents and short public exponents. In addition, the number of bits required to store the private key information can be significantly reduced in this variant.

[1]  Ron Steinfeld,et al.  Converse Results to the Wiener Attack on RSA , 2005, Public Key Cryptography.

[2]  Eric R. Verheul,et al.  Cryptanalysis of ‘Less Short’ RSA Secret Exponents , 1997, Applicable Algebra in Engineering, Communication and Computing.

[3]  Dan Boneh,et al.  An Attack on RSA Given a Small Fraction of the Private Key Bits , 1998, ASIACRYPT.

[4]  Marc Girault,et al.  An Identity-based Identification Scheme Based on Discrete Logarithms Modulo a Composite Number , 1991, EUROCRYPT.

[5]  Alexander May,et al.  Secret Exponent Attacks on RSA-type Schemes with Moduli N= prq , 2004, Public Key Cryptography.

[6]  Nick Howgrave-Graham,et al.  Finding Small Roots of Univariate Modular Equations Revisited , 1997, IMACC.

[7]  Dan Boneh,et al.  Fast Variants of RSA , 2007 .

[8]  Johannes Blömer,et al.  New Partial Key Exposure Attacks on RSA , 2003, CRYPTO.

[9]  Chae Hoon Lim,et al.  Security and Performance of Server-Aided RSA Computation Protocols , 1995, CRYPTO.

[10]  Don Coppersmith,et al.  Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities , 1997, Journal of Cryptology.

[11]  D. Boneh Cryptanalysis of RSA with Private Key d Less Than N 0 , 1999 .

[12]  Alexander May,et al.  Cryptanalysis of Unbalanced RSA with Small CRT-Exponent , 2002, CRYPTO.

[13]  Benne de Weger,et al.  Partial Key Exposure Attacks on RSA up to Full Size Exponents , 2005, EUROCRYPT.

[14]  Dan Boneh,et al.  Cryptanalysis of RSA with private key d less than N0.292 , 1999, IEEE Trans. Inf. Theory.

[15]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[16]  Dan Boneh,et al.  Exposing an RSA Private Key Given a Small Fraction of its Bits , 1998 .

[17]  Johannes Blömer,et al.  Low Secret Exponent RSA Revisited , 2001, CaLC.

[18]  Andrej Dujella,et al.  Continued fractions and RSA with small secret exponent , 2004, ArXiv.

[19]  Steven D. Galbraith,et al.  Tunable Balancing of RSA , 2005, ACISP.

[20]  Jean-Sébastien Coron,et al.  Finding Small Roots of Bivariate Integer Polynomial Equations Revisited , 2004, EUROCRYPT.

[21]  Arjen K. Lenstra,et al.  Unbelievable Security. Matching AES Security Using Public Key Systems , 2001, ASIACRYPT.

[22]  Hung-Min Sun,et al.  An Approach Towards Rebalanced RSA-CRT with Short Public Exponent , 2005, IACR Cryptol. ePrint Arch..

[23]  Hung-Min Sun,et al.  RSA with Balanced Short Exponents and Its Application to Entity Authentication , 2005, Public Key Cryptography.

[24]  Michael J. Wiener,et al.  Cryptanalysis of Short RSA Secret Exponents (Abstract) , 1990, EUROCRYPT.

[25]  Richard Pinch,et al.  Further Attacks on Server-aided Rsa Cryptosystems , 1998 .

[26]  Hung-Min Sun,et al.  On the Design of Rebalanced RSA-CRT , 2005 .