On using RSA with low exponent in a public key network
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Cryptography: Theory and Practice, Second Edition
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
An Attack on RSA Given a Small Fraction of the Private Key Bits
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Finding Small Roots of Univariate Modular Equations Revisited
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Low Secret Exponent RSA Revisited
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Estimating the Prime-Factors of an RSA Modulus and an Extension of the Wiener Attack
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
A polynomial time attack on RSA with private CRT-exponents smaller than N^0.073
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Converse results to the wiener attack on RSA
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Partial key exposure attacks on RSA up to full size exponents
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Cryptanalysis of RSA with private key d less than N^0.292
IEEE Transactions on Information Theory
Consider RSA with N = pq, q p q, public encryption exponent e and private decryption exponent d. We study the cryptanalysis of RSA when a certain amount of the Most Significant Bits (MSBs) or Least Significant Bits (LSBs) of d is known. This problem has been well studied in the literature, as is evident from the works of Boneh et al. in Asiacrypt 1998, Blömer et al. in Crypto 2003 and Ernst et al. in Eurocrypt 2005. In this paper, we achieve significantly improved results by modifying the techniques presented by Ernst et al. Our novel idea is to guess a few MSBs of the secret prime p (which may be achieved by exhaustive search over those bits in certain cases), which substantially reduces the number of MSBs of d required for the key exposure attack.