Cryptanalysis of short RSA secret exponents
نویسندگان
چکیده
منابع مشابه
Cryptanalysis of short RSA secret exponents
A cryptanalytic attack on the use of short RSA secret exponents is described. This attack makes use of an algorithm based on continued fractions which finds the numerator and denominator of a fraction in polynomial time when a close enough estimate of the fraction is known. The public exponent e and the modulus pq can be used to create an estimate of a fraction which involves the secret exponen...
متن کاملCryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt '99
At Asiacrypt ’99, Sun, Yang and Laih proposed three RSA variants with short secret exponent that resisted all known attacks, including the recent Boneh-Durfee attack from Eurocrypt ’99 that improved Wiener’s attack on RSA with short secret exponent. The resistance comes from the use of unbalanced primes p and q. In this paper, we extend the Boneh-Durfee attack to break two out of the three prop...
متن کاملNew Attacks on RSA with Small Secret CRT-Exponents
It is well-known that there is an efficient method for decrypting/signing with RSA when the secret exponent d is small modulo p− 1 and q − 1. We call such an exponent d a small CRT-exponent. It is one of the major open problems in attacking RSA whether there exists a polynomial time attack for small CRT-exponents, i.e. a result that can be considered as an equivalent to the Wiener and Boneh-Dur...
متن کاملShort secret exponent attack on LSBS-RSA
LSBS-RSA is a variation of RSA cryptosystem with modulus primes p, q, sharing a large number of least significant bits. As original RSA, LSBS-RSA is also vulnerable to the short secret exponent attack. Sun et al. [15] studied this problem and they provided the bound for secret exponent as: 2 2 5 4 3 1 6 1 3 6 3 2 2 6 γ β α α γ α − < + − + − − . Their bound does not reduce to the opt...
متن کاملOn the Design of RSA with Short Secret Exponent
Based on continued fractions Wiener showed that a typical RSA system can be totally broken if its secret exponent d < 25 . 0 N where N is the RSA modulus. Recently, based on lattice basis reduction, Boneh and Durfee presented a new short secret exponent attack which improves Wiener’s bound up to d < 292 . 0 N . In this paper we show that it is possible to use a short secret exponent which is lo...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Transactions on Information Theory
سال: 1990
ISSN: 0018-9448
DOI: 10.1109/18.54902