Affiliation:
1. Département de Mathématiques, Université de Caen, Boulevard Maréchal Juin, 14032 Caen Cedex, France
Abstract
Let n = pq be an RSA modulus with unknown prime factors of equal bit-size. Let e be the public exponent and d be the secret exponent satisfying ed ≡ 1 mod ϕ(n) where ϕ(n) is the Euler totient function. To reduce the decryption time or the signature generation time, one might be tempted to use a small private exponent d. Unfortunately, in 1990, Wiener showed that private exponents smaller than [Formula: see text] are insecure and in 1999, Boneh and Durfee improved the bound to n0.292. In this paper, we show that instances of RSA with even large private exponents can be efficiently broken if there exist positive integers X, Y such that |eY - XF(u)| and Y are suitably small where F is a function of publicly known expression for which there exists an integer u ≠ 0 satisfying F(u) ≈ n and pu or qu is computable from F(u) and n. We show that the number of such exponents is at least O(n3/4-ε) when F(u) = p(q - u).
Publisher
World Scientific Pub Co Pte Lt
Subject
Algebra and Number Theory
Cited by
4 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. An application of Euclidean algorithm in cryptanalysis of RSA;Elemente der Mathematik;2020-07-13
2. A public key encryption scheme based on factoring and discrete logarithm;Journal of Discrete Mathematical Sciences and Cryptography;2009-12
3. Cryptanalysis of RSA Using the Ratio of the Primes;Progress in Cryptology – AFRICACRYPT 2009;2009
4. A new RSA vulnerability using continued fractions;2008 IEEE/ACS International Conference on Computer Systems and Applications;2008-03