A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Fast RSA-Type Cryptosystem Modulo pkq
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Finding Small Roots of Univariate Modular Equations Revisited
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Deterministic Polynomial-Time Equivalence of Computing the RSA Secret Key and Factoring
Journal of Cryptology
Deterministic polynomial time equivalence between factoring and key-recovery attack on Takagi's RSA
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
A tool kit for finding small roots of bivariate polynomials over the integers
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Partial key exposure attacks on RSA up to full size exponents
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Cryptanalysis of RSA with private key d less than N0.292
IEEE Transactions on Information Theory
Solving generalized small inverse problems
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
| Hi-index | 0.00 |
For a variant of RSA with modulus N = prq and ed Ξ 1 mod (p - 1)(q - 1), we show that d can be recovered if d N(2-√2)/(r+1). (Note that φ(N) ≠ (p - 1)(q - 1).) Boneh-Durfee's result for the standard RSA is obtained as a special case for r = 1. Technically, we develop a method of a finding small root of a trivariate polynomial equation f(x, y, z) = x(y - 1)(z - 1) + 1 = 0 (mode) under the condition that yrz = N. Our result cannot be obtained from the generic method of Jochemsz-May.