A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
An Attack on RSA Given a Small Fraction of the Private Key Bits
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces
Designs, Codes and Cryptography
Deterministic Polynomial-Time Equivalence of Computing the RSA Secret Key and Factoring
Journal of Cryptology
A polynomial time attack on RSA with private CRT-exponents smaller than N0.073
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
New attacks on RSA with small secret CRT-Exponents
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Cryptanalysis of RSA with private key d less than N0.292
IEEE Transactions on Information Theory
Hi-index | 0.00 |
In 2003, L. H. Encinas, J. M. Masqué and A. Q. Dios proposed an algorithm for generating the RSA modulus N with a large private key d, which was claimed secure. In this paper, we propose an attack on Encinas-Masqué-Dios algorithm and find its security flaw. Firstly, we prove that Encinas-Masqué-Dios algorithm is totally insecure when the public exponent e is larger than the sum of the two primes p and q. Secondly, we show that when e is larger than N1/4, Encinas-Masqué-Dios algorithm leaks sufficient secret information and then everyone can recover the factorization of the RSA modulus N in polynomial time.