Simplification of the Lattice Based Attack of Boneh and Durfee for RSA Cryptoanalysis
نویسنده
چکیده
In this paper we present a new formulation and its simpler analysis of the lattice based attack of Boneh and Durfee for the RSA cryptography [2]. We follow the same approach of Boneh and Durfee, however we propose a new way of defining a lattice with which we can achieve the same solvable key bound d < N. Our lattice is represented as a lower triangle matrix, which makes its analysis much simpler that of [2]. We think that this simpler analysis would be useful for considering applications/generalisations of this approach. In fact, as an example of such applications, we give a way of attacking RSA secret key with a certain repetitive structure.
منابع مشابه
Low Secret Exponent RSA Revisited
We present a lattice attack on low exponent RSA with short secret exponent d = N for every δ < 0.29. The attack is a variation of an approach by Boneh and Durfee [4] based on lattice reduction techniques and Coppersmith’s method for finding small roots of modular polynomial equations. Although our results are slightly worse than the results of Boneh and Durfee they have several interesting feat...
متن کاملCryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt '99
At Asiacrypt ’99, Sun, Yang and Laih proposed three RSA variants with short secret exponent that resisted all known attacks, including the recent Boneh-Durfee attack from Eurocrypt ’99 that improved Wiener’s attack on RSA with short secret exponent. The resistance comes from the use of unbalanced primes p and q. In this paper, we extend the Boneh-Durfee attack to break two out of the three prop...
متن کاملA Unified Framework for Small Secret Exponent Attack on RSA
We address a lattice based method on small secret exponent attack on RSA scheme. Boneh and Durfee reduced the attack into finding small roots of a bivariate modular equation: x(N+1+y)+1 ≡ 0( mod e), where N is an RSA moduli and e is the RSA public key. Boneh and Durfee proposed a lattice based algorithm for solving the problem. When the secret exponent d is less than N, their method breaks RSA ...
متن کاملShort secret exponent attack on LSBS-RSA
LSBS-RSA is a variation of RSA cryptosystem with modulus primes p, q, sharing a large number of least significant bits. As original RSA, LSBS-RSA is also vulnerable to the short secret exponent attack. Sun et al. [15] studied this problem and they provided the bound for secret exponent as: 2 2 5 4 3 1 6 1 3 6 3 2 2 6 γ β α α γ α − < + − + − − . Their bound does not reduce to the opt...
متن کاملMaximizing Small Root Bounds by Linearization and Applications to Small Secret Exponent RSA
We present an elementary method to construct optimized lattices that are used for finding small roots of polynomial equations. Former methods first construct some large lattice in a generic way from a polynomial f and then optimize via finding suitable smaller dimensional sublattices. In contrast, our method focuses on optimizing f first which then directly leads to an optimized small dimension...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009