Diophantine and Lattice Cryptanalysis of the RSA Cryptosystem

The RSA cryptosystem, invented in 1977, is the most popular public-key cryptosystem for electronic commerce. Its three inventors, Rivest, Shamir and Adleman, received the Year 2002 Turing Award, the equivalent of the Nobel Prize in Computer Science. RSA offers both encryption and digital signatures and is deployed in many commercial systems. The security of RSA is based on the assumption that factoring large integers is difficult. However, most successful attacks on RSA are not based on factoring. Rather, they exploit additional information that may be encoded in the parameters of RSA and in the particular way in which RSA is used. In this chapter, we give a survey of the mathematics of the RSA cryptosystem, focussing on the cryptanalysis of RSA using a variety of Diophantine methods and lattice-reduction-based techniques.
