论文信息 - A new attack on RSA with a composed decryption exponent

A new attack on RSA with a composed decryption exponent

In this paper, we consider an RSA modulus N = pq, where the prime factors p, q are of the same size. We present an attack on RSA when the decryption exponent d is in the form d = Md1 + d0 where M is a given positive integer and d1 and d0 are two suitably small unknown integers. In 1999, Boneh and Durfee presented an attack on RSA when d < N. When d = Md1 + d0, our attack enables one to overcome Boneh and Durfee’s bound and to factor the RSA modulus.

Abderrahmane Nitaj | Mohamed Ould Douh | Abderrahmane Nitaj

[1] Benne de Weger,et al. Partial Key Exposure Attacks on RSA up to Full Size Exponents , 2005, EUROCRYPT.

[2] Nick Howgrave-Graham,et al. Finding Small Roots of Univariate Modular Equations Revisited , 1997, IMACC.

[3] Johannes Blömer,et al. New Partial Key Exposure Attacks on RSA , 2003, CRYPTO.

[4] Abderrahmane Nitaj,et al. Another Generalization of Wiener's Attack on RSA , 2008, AFRICACRYPT.

[5] Dan Boneh,et al. TWENTY YEARS OF ATTACKS ON THE RSA CRYPTOSYSTEM , 1999 .

[6] Michael J. Wiener,et al. Cryptanalysis of Short RSA Secret Exponents (Abstract) , 1990, EUROCRYPT.

[7] Dan Boneh,et al. An Attack on RSA Given a Small Fraction of the Private Key Bits , 1998, ASIACRYPT.

[8] Dan Boneh,et al. Cryptanalysis of RSA with private key d less than N0.292 , 1999, IEEE Trans. Inf. Theory.

[9] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[10] László Lovász,et al. Factoring polynomials with rational coefficients , 1982 .

[11] Alexander May,et al. A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants , 2006, ASIACRYPT.

[12] Alexander May,et al. New RSA vulnerabilities using lattice reduction methods , 2003 .

[13] Don Coppersmith,et al. Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities , 1997, Journal of Cryptology.