Revisiting Wiener's Attack --- New Weak Keys in RSA

  • Authors:

  • Subhamoy Maitra;Santanu Sarkar

  • Affiliations:

  • Indian Statistical Institute, Kolkata, India 700 108;Indian Statistical Institute, Kolkata, India 700 108

  • Venue:
  • ISC '08 Proceedings of the 11th international conference on Information Security
  • Year:
  • 2008

Quantified Score

Hi-index 0.00

Visualization

Abstract

In this paper we revisit Wiener's method (IEEE-IT, 1990) of continued fraction (CF) to find new weaknesses in RSA. We consider RSA with N= pq, qpq, public encryption exponent eand private decryption exponent d. Our motivation is to find out when RSA is insecure given dis O(n茂戮驴), where we are mostly interested in the range 0.3 ≤ 茂戮驴≤ 0.5. We use both the upper and lower bounds on 茂戮驴(N) and then try to find out what are the cases when $\frac{t}{d}$ is a convergent in the CF expression of $\frac{e}{N - \frac{3}{\sqrt{2}} \sqrt{N} + 1}$. First we show that the RSA keys are weak when d= N茂戮驴and $\delta , where 2q茂戮驴 p= N茂戮驴and 茂戮驴is a small value based on certain parameters. This presents additional results over the work of de Weger (AAECC 2002). Further we show that, the RSA keys are weak when $d and eis $O(N^{\frac{3}{2}-2\delta})$ for $\delta \leq \frac{1}{2}$. Using similar idea we also present new results over the work of Blömer and May (PKC 2004).