New Attacks on RSA with Moduli N = p r q

We present three attacks on the Prime Power RSA with modulus N = p r q. In the first attack, we consider a public exponent e satisfying an equation ex − φ(N)y = z where φ(N) = p r − 1(p − 1)(q − 1). We show that one can factor N if the parameters |x| and |z| satisfy \(|xz|<N^\frac{r(r-1)}{(r+1)^2}\) thereby extending the recent results of Sakar [16]. In the second attack, we consider two public exponents e 1 and e 2 and their corresponding private exponents d 1 and d 2. We show that one can factor N when d 1 and d 2 share a suitable amount of their most significant bits, that is \(|d_1-d_2|<N^{\frac{r(r-1)}{(r+1)^2}}\). The third attack enables us to factor two Prime Power RSA moduli \(N_1=p_1^rq_1\) and \(N_2=p_2^rq_2\) when p 1 and p 2 share a suitable amount of their most significant bits, namely, \(|p_1-p_2|<\frac{p_1}{2rq_1q_2}\).

[1]  Santanu Sarkar,et al.  Small secret exponent attack on RSA variant with modulus N=prq\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$N=p^rq$$ , 2014, Designs, Codes and Cryptography.

[2]  Carl Pomerance,et al.  The Development of the Number Field Sieve , 1994 .

[3]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[4]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[5]  Alexander May,et al.  Using LLL-Reduction for Solving RSA and Factorization Problems , 2010, The LLL Algorithm.

[6]  Dan Boneh,et al.  Factoring N = prq for Large r , 1999, CRYPTO.

[7]  A. K. Lenstra,et al.  The Development of the Number Field Sieve , 1993 .

[8]  Michael J. Wiener,et al.  Cryptanalysis of Short RSA Secret Exponents (Abstract) , 1990, EUROCRYPT.

[9]  H. W. Lenstra,et al.  Factoring integers with elliptic curves , 1987 .

[10]  Johannes Blömer,et al.  A Generalized Wiener Attack on RSA , 2004, Public Key Cryptography.

[11]  Dan Boneh,et al.  Cryptanalysis of RSA with private key d less than N0.292 , 1999, IEEE Trans. Inf. Theory.

[12]  Dan Boneh,et al.  Cryptanalysis of RSA with private key d less than N0.292 , 2000, IEEE Trans. Inf. Theory.

[13]  G. Hardy,et al.  An Introduction to the Theory of Numbers , 1938 .

[14]  M. Hinek Cryptanalysis of RSA and Its Variants , 2009 .

[15]  D. Boneh,et al.  Factoring N = pr q for large r , 1999 .

[16]  Alexander May,et al.  Secret Exponent Attacks on RSA-type Schemes with Moduli N= prq , 2004, Public Key Cryptography.

[17]  Tsuyoshi Takagi,et al.  Fast RSA-Type Cryptosystem Modulo pkq , 1998, CRYPTO.

[18]  D. Boneh Cryptanalysis of RSA with Private Key d Less Than N 0 , 1999 .

[19]  Don Coppersmith,et al.  Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities , 1997, Journal of Cryptology.

[20]  Alexander May,et al.  Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits , 2008, ASIACRYPT.

[21]  Dongdai Lin,et al.  New Results on Solving Linear Equations Modulo Unknown Divisors and its Applications , 2014, IACR Cryptol. ePrint Arch..