Improved Partial Key Exposure Attacks on RSA by Guessing a Few Bits of One of the Prime Factors

Authors:
Santanu Sarkar;Subhamoy Maitra
Affiliations:
Indian Statistical Institute, Kolkata, India 700 108;Indian Statistical Institute, Kolkata, India 700 108
Venue:
Information Security and Cryptology --- ICISC 2008
Year:
2009

Citing 14
Cited 0

On using RSA with low exponent in a public key network

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Cryptography: Theory and Practice,Second Edition

Cryptography: Theory and Practice,Second Edition
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
An Attack on RSA Given a Small Fraction of the Private Key Bits

ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Finding Small Roots of Univariate Modular Equations Revisited

Proceedings of the 6th IMA International Conference on Cryptography and Coding
Low Secret Exponent RSA Revisited

CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Estimating the Prime-Factors of an RSA Modulus and an Extension of the Wiener Attack

ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
On the importance of checking cryptographic protocols for faults

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
A polynomial time attack on RSA with private CRT-exponents smaller than N0.073

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Converse results to the wiener attack on RSA

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Partial key exposure attacks on RSA up to full size exponents

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Cryptanalysis of RSA with private key d less than N0.292

IEEE Transactions on Information Theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

Consider RSA with N = pq , q p q , public encryption exponent e and private decryption exponent d . We study cryptanalysis of RSA when certain amount of the Most Significant Bits (MSBs) or Least Significant Bits (LSBs) of d is known. This problem has been well studied in literature as evident from the works of Boneh et. al. in Asiacrypt 1998, Blömer et. al. in Crypto 2003 and Ernst et. al. in Eurocrypt 2005. In this paper, we achieve significantly improved results by modifying the techniques presented by Ernst et. al. Our novel idea is to guess a few MSBs of the secret prime p (may be achieved by exhaustive search over those bits in certain cases) that substantially reduces the requirement of MSBs of d for the key exposure attack.