On using RSA with low exponent in a public key network
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Cryptography: Theory and Practice,Second Edition
Cryptography: Theory and Practice,Second Edition
Deterministic Polynomial-Time Equivalence of Computing the RSA Secret Key and Factoring
Journal of Cryptology
A new RSA vulnerability using continued fractions
AICCSA '08 Proceedings of the 2008 IEEE/ACS International Conference on Computer Systems and Applications
A polynomial time attack on RSA with private CRT-exponents smaller than N0.073
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Converse results to the wiener attack on RSA
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Cryptanalysis of RSA with private key d less than N0.292
IEEE Transactions on Information Theory
Cryptanalysis of RSA with small prime combination
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Cryptanalysis of multi-prime RSA with small prime difference
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Hi-index | 0.00 |
In this paper we revisit Wiener's method (IEEE-IT, 1990) of continued fraction (CF) to find new weaknesses in RSA. We consider RSA with N= pq, qpq, public encryption exponent eand private decryption exponent d. Our motivation is to find out when RSA is insecure given dis O(n茂戮驴), where we are mostly interested in the range 0.3 ≤ 茂戮驴≤ 0.5. We use both the upper and lower bounds on 茂戮驴(N) and then try to find out what are the cases when $\frac{t}{d}$ is a convergent in the CF expression of $\frac{e}{N - \frac{3}{\sqrt{2}} \sqrt{N} + 1}$. First we show that the RSA keys are weak when d= N茂戮驴and $\delta , where 2q茂戮驴 p= N茂戮驴and 茂戮驴is a small value based on certain parameters. This presents additional results over the work of de Weger (AAECC 2002). Further we show that, the RSA keys are weak when $d and eis $O(N^{\frac{3}{2}-2\delta})$ for $\delta \leq \frac{1}{2}$. Using similar idea we also present new results over the work of Blömer and May (PKC 2004).