On Some Attacks on Multi-prime RSA
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
RSA Signature Algorithm for Microcontroller Implementation
CARDIS '98 Proceedings of the The International Conference on Smart Card Research and Applications
Cryptanalysis of Unbalanced RSA with Small CRT-Exponent
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Fast RSA-Type Cryptosystem Modulo pkq
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
On the Design of RSA with Short Secret Exponent
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt '99
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Finding Small Roots of Univariate Modular Equations Revisited
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Finding Small Solutions to Small Degree Polynomials
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Some baby-step giant-step algorithms for the low hamming weight discrete logarithm problem
Mathematics of Computation
Cryptanalysis of RSA with private key d less than N0:292
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
RSA with balanced short exponents and its application to entity authentication
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Partial Key Exposure Attack on CRT-RSA
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Trading decryption for speeding encryption in Rebalanced-RSA
Journal of Systems and Software
A polynomial time attack on RSA with private CRT-exponents smaller than N0.073
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Another look at small RSA exponents
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
New attacks on RSA with small secret CRT-Exponents
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Efficient CRT-RSA decryption for small encryption exponents
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
A new attack on RSA and CRT-RSA
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Side channel attack to actual cryptanalysis: breaking CRT-RSA with low weight decryption exponents
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Cryptanalytic results on `Dual CRT' and `Common Prime' RSA
Designs, Codes and Cryptography
On the improvement of fermat factorization
NSS'12 Proceedings of the 6th international conference on Network and System Security
| Hi-index | 0.00 |
We propose a key generation method for RSA moduli which allows the cost of the public operations (encryption/verifying) and the private operations (decryption/signing) to be balanced according to the application requirements. Our method is a generalisation of using small public exponents and small Chinese remainder (CRT) private exponents. Our results are most relevant in the case where the cost of private operations must be optimised. We give methods for which the cost of private operations is the same as the previous fastest methods, but where the public operations are significantly faster. The paper gives an analysis of the security of keys generated by our method, and a new birthday attack on low Hamming-weight private exponents.