Efficient factoring based on partial information. Proc. of a workshop on the theory and application of cryptographic techniques on Advances in cryptology - EUROCRYPT '85
A course in computational algebraic number theory
A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM
An Attack on RSA Given a Small Fraction of the Private Key Bits. ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Finding Small Roots of Univariate Modular Equations Revisited. Proceedings of the 6th IMA International Conference on Cryptography and Coding
Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits. ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Reconstructing RSA Private Keys from Random Key Bits. CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Generalized security analysis of the random key bits leakage attack. WISA'11 Proceedings of the 12th international conference on Information Security Applications
This paper discusses the factorization of the RSA modulus N (i.e., N=pq, where p, q are primes of the same bit size) by reconstructing the primes from randomly known bits. The reconstruction method is a modified brute-force search that exploits the known bits to prune wrong branches of the search tree, thereby reducing the total search space towards possible factorization. Here we revisit the work of Heninger and Shacham in Crypto 2009 and provide a combinatorial model for the search where some random bits of the primes are known. This shows how one can factorize N given the knowledge of random bits in the least significant halves of the primes. We also explain a lattice-based strategy in this direction. More importantly, we study how N can be factored given the knowledge of some blocks of bits in the most significant halves of the primes. We present improved theoretical results and experimental evidence in this direction.
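An added example, not code from the paper: a minimal version of the pruned search the abstract describes, rebuilding p and q bit by bit from the least significant end and dropping any candidate that contradicts a known bit or the congruence pq ≡ N (mod 2^(i+1)). The function names, the 20-bit toy primes and the randomly chosen leaked positions are assumptions for illustration; it reconstructs every bit and leaves out the lattice step.

```python
import random

def leak_bits(x, nbits, fraction, rng):
    """Constructed leak: a random `fraction` of the bits of x, as {index: bit}."""
    idx = rng.sample(range(nbits), round(fraction * nbits))
    return {i: (x >> i) & 1 for i in idx}

def reconstruct(N, nbits, known_p, known_q):
    """Rebuild nbits-wide odd factors of N from least to most significant bit.

    Returns ((p, q) or None, widest), where widest is the largest number of
    partial candidates alive at any level of the search tree.
    """
    level = [(1, 1)]                      # p and q are odd, so bit 0 is 1
    widest = 1
    for i in range(1, nbits):
        mod = 1 << (i + 1)
        nxt = []
        for p, q in level:
            for pb in (0, 1):
                if known_p.get(i, pb) != pb:
                    continue              # contradicts a leaked bit of p
                for qb in (0, 1):
                    if known_q.get(i, qb) != qb:
                        continue          # contradicts a leaked bit of q
                    pc, qc = p | (pb << i), q | (qb << i)
                    if (pc * qc - N) % mod == 0:   # p*q = N mod 2^(i+1)
                        nxt.append((pc, qc))
        level = nxt
        widest = max(widest, len(level))
    for p, q in level:
        if p * q == N:
            return (p, q), widest
    return None, widest

if __name__ == "__main__":
    p, q, nbits = 999983, 1000003, 20     # constructed toy primes
    rng = random.Random(2009)             # fixed seed, constructed leak
    for frac in (1.0, 0.6, 0.3):
        kp, kq = leak_bits(p, nbits, frac, rng), leak_bits(q, nbits, frac, rng)
        pair, widest = reconstruct(p * q, nbits, kp, kq)
        print(f"known={frac:.0%} factors={pair} widest level={widest}")
```

With no bits known, every node has exactly two children and level i holds 2^i candidates; each known bit removes branches, which is why the fraction of leaked bits decides whether the search stays tractable at real key sizes.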