A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Finding Small Roots of Univariate Modular Equations Revisited
Proceedings of the 6th IMA International Conference on Cryptography and Coding
On the Security of RSA with Primes Sharing Least-Significant Bits
Applicable Algebra in Engineering, Communication and Computing
On the Improvement of the BDF Attack on LSBS-RSA
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Cryptanalysis of Short Exponent RSA with Primes Sharing Least Significant Bits
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of short RSA secret exponents
IEEE Transactions on Information Theory
Small private-exponent attack on RSA with primes sharing bits
ISC'07 Proceedings of the 10th international conference on Information Security
| Hi-index | 0.00 |
Let N = pq be an LSBS-RSA modulus where primes p and q have the same bit-length and share the m least significant bits, and (p - 1, q - 1) = 2. Given (N, e) with e ∈ Z*Φ(N)/4 that satisfies ew + z ċ 22(m-1) = 0 (mod Φ(N)/4) with 0 w ≤ 1/9√Φ(N)/e N1/4+θ and |z| ≤ c ew/Φ(N) N1/4-θ, we can find p and q in polynomial time. We show that the number of these weak keys e is at least N3/4+θ-ε, where θ = m/log2 N, and there exists a probabilistic algorithm that can factor N in time O(N1/4-θ+ε).