Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
The better bound of private key in RSA with unbalanced primes
Applied Mathematics and Computation
On the Design of RSA with Short Secret Exponent
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt '99
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Finding a small root of a bivariate integer equation; factoring with high bits known
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of RSA with private key d less than N0:292
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Factorization of a 512-bit RSA modulus
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Estimating the Prime-Factors of an RSA Modulus and an Extension of the Wiener Attack
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
On the Improvement of the BDF Attack on LSBS-RSA
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Cryptanalysis of Short Exponent RSA with Primes Sharing Least Significant Bits
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Trading decryption for speeding encryption in Rebalanced-RSA
Journal of Systems and Software
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Another look at small RSA exponents
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Efficient CRT-RSA decryption for small encryption exponents
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Cryptanalysis of RSA with a small parameter
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
On the improvement of fermat factorization
NSS'12 Proceedings of the 6th international conference on Network and System Security
Hi-index | 0.00 |
In typical RSA, it is impossible to create a key pair (e,d) such that both are simultaneously much shorter than φ (N). This is because if d is selected first, then e will be of the same order of magnitude as φ (N), and vice versa. At Asiacrypt'99, Sun et al. designed three variants of RSA using prime factors p and q of unbalanced size. The first RSA variant is an attempt to make the private exponent d short below N0.25 and N0.292 which are the lower bounds of d for a secure RSA as argued first by Wiener and then by Boneh and Durfee. The second RSA variant is constructed in such a way that both d and e have the same bit-length $\frac{1}{2}\log _{2}N+56$. The third RSA variant is constructed by such a method that allows a trade-off between the lengths of d and e. Unfortunately, at Asiacrypt'2000, Durfee and Nguyen broke the illustrated instances of the first RSA variant and the third RSA variant by solving small roots to trivariate modular polynomial equations. Moreover, they showed that the instances generated by these three RSA variants with unbalanced p and q in fact become more insecure than those instances, having the same sizes of exponents as the former, in RSA with balanced p and q. In this paper, we focus on designing a new RSA variant with balanced d and e, and balanced p and q in order to make such an RSA variant more secure. Moreover, we also extend this variant to another RSA variant in which allows a trade-off between the lengths of d and e. Based on our RSA variants, an application to entity authentication for defending the stolen-secret attack is presented.