Lattice based Attacks on Small Private Exponent RSA: A Survey
نویسنده
چکیده
Lattice basis reduction algorithms have contributed a lot to cryptanalysis of RSA crypto system. With coppersmith’s theory of polynomials, these algorithms are searching for the weak instances of Number-theoretic cryptography, mainly RSA. In this paper we present several lattice based attacks on low private exponent of RSA.
منابع مشابه
New Partial Key Exposure Attacks on RSA Revisited
At CRYPTO 2003, Blömer and May presented new partial key exposure attacks against RSA. These were the first known polynomial-time partial key exposure attacks against RSA with public exponent e > N . Attacks for known most significant bits and known least significant bits were presented. In this work, we extend their attacks to multi-prime RSA. For r-prime RSA, these result in the first known p...
متن کاملOn the Insecurity of a Server-Aided RSA Protocol
At Crypto ’88, Matsumoto, Kato and Imai proposed a protocol, known as RSA-S1, in which a smart card computes an RSA signature, with the help of an untrusted powerful server. There exist two kinds of attacks against such protocols: passive attacks (where the server does not deviate from the protocol) and active attacks (where the server may return false values). Pfitzmann and Waidner presented a...
متن کاملLattice based Attacks on Small Private Exponent of RSA: A Survey
Cohen, H. 1995. A Course in Computational Algebraic Number Theory. Springer-Verlag. Second edition. Menezes, A. J, Van Oorschot P. C, and Vanstone. 1997. Hand book of Applied Cryptography. CRC Press. Lenstra A. K, Lenstra Jr. H. W, Lovasz L. 1982. "Factoring polynomials with rational coefficients". Mathematische A1nnalen, volume 261(4): pages 515-534. Rivest R. L, Shamir A, Adleman L....
متن کامل(Very) Large RSA Private Exponent Vulnerabilities
The dangers of using RSA with small private exponents has been known for more than a decade (see Wiener [7]). Knowing these dangers, but still wanting to substantially decrease decryption time, a user might try using a small negative private exponent which corresponds to a very large private exponent. We show that the attacks against small private exponent RSA by Wiener [7], Boneh & Durfee [3],...
متن کاملCommon modulus attacks on small private exponent RSA and some fast variants (in practice)
In this work we re-examine two common modulus attacks on RSA. First, we show that Guo’s continued fraction attack works much better in practice than previously expected. Given three instances of RSA with a common modulus N and private exponents each smaller than N the attack can factor the modulus about 93% of the time in practice. The success rate of the attack can be increased up to almost 10...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012