Low exponent attack against elliptic curve RSA

Authors:
Kaoru Kurosawa;Koji Okada;Shigeo Tsujii
Affiliations:
Department of Electrical & Electronic Engineering, Tokyo Institute of Technology, 2-12-1 O-okayama, Meguro-ku, Tokyo 152, Japan;Department of Electrical & Electronic Engineering, Tokyo Institute of Technology, 2-12-1 O-okayama, Meguro-ku, Tokyo 152, Japan;Department of Computer Science, Chuo University, 1-13-27 Kasuga, Bunkyo-ku, Tokyo 112, Japan
Venue:
Information Processing Letters
Year:
1995

Citing 3
Cited 0

On using RSA with low exponent in a public key network

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
A new elliptic curve based analogue of RSA

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
New Public-Key Schemes Based on Elliptic Curves over the Ring Zn

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology

Quantified Score

Hi-index	0.89

Visualization

Abstract

Ha@?astad showed that low exponent RSA is not secure if the same message is encrypted to several receivers. This is true even if time-stamp is used for each receiver. For example, let e = 3. Then if the number of receivers is 7, the eavesdropper can find the plaintext from the seven ciphertexts of each receiver. This paper shows that elliptic curve RSA is not secure in the same scenario. It is shown that the KMOV scheme and Demytko's scheme are not secure if e = 5, n = 2^1^0^2^4 and the number of receivers is 428. In Demytko's scheme, e can take the value of 2. In this case, this system is not secure if the number of receiver is 11 for n = 2^1^7^5.