A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Cryptography: Theory and Practice,Second Edition
Cryptography: Theory and Practice,Second Edition
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Cryptanalysis of Unbalanced RSA with Small CRT-Exponent
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Generating RSA Moduli with a Predetermined Portion
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt '99
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Some baby-step giant-step algorithms for the low hamming weight discrete logarithm problem
Mathematics of Computation
A polynomial time attack on RSA with private CRT-exponents smaller than N0.073
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
RSA with balanced short exponents and its application to entity authentication
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Partial key exposure attacks on RSA up to full size exponents
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
New attacks on RSA with small secret CRT-Exponents
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Cryptanalysis of RSA with private key d less than N0.292
IEEE Transactions on Information Theory
Publishing upper half of RSA decryption exponent
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Side channel attack to actual cryptanalysis: breaking CRT-RSA with low weight decryption exponents
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Hi-index | 0.00 |
Consider CRT-RSA with the parameters p, q, e, dp, dq, where p, q are secret primes, e is the public encryption exponent and dp, dq are the private decryption exponents. We present an efficient method to select CRT-RSA parameters in such a manner so that the decryption becomes faster for small encryption exponents. This is the most frequently used situation for application of RSA in commercial domain. Our idea is to choose e and the factors (with low Hamming weight) of dp, dq first and then applying the extended Euclidean algorithm, we obtain p, q of same bit size. For small e, we get an asymptotic reduction of the order of ${{1}\over{3}}$ in the decryption time compared to standard CRT-RSA parameters for large N=pq. In case of practical parameters, with 1024 bits N and e=216+1, we achieve a reduction of more than 27%. Extensive security analysis is presented for our selected parameters and benchmark examples are also provided.