Efficient factoring based on partial information
Proc. of a workshop on the theory and application of cryptographic techniques on Advances in cryptology---EUROCRYPT '85
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Fast RSA-Type Cryptosystem Modulo pkq
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
Reconstructing RSA Private Keys from Random Key Bits
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Correcting errors in RSA private keys
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Factoring RSA modulus using prime reconstruction from random known bits
AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
Hi-index | 0.00 |
In CRYPTO 2009, Heninger and Shacham presented a new method of recovering RSA private keys bit by bit given a fraction of private data, and analyzed resistance of RSA against the attack. They obtained a system of relations between RSA private variables and calculated the expected number of solution candidates. As they dealt with only RSA case, we consider the case that the system of equations is given in more general linear form. We show that the complexity of their attack depends only on the number of variables, the number of ambiguous variables, and the degree of freedom. As concrete examples, we apply the attack to Paillier cryptosystem and Takagi's variant of RSA, and analyze their resistance against the attack. In Pailiier's case, its resistance is almost the same as the case when a fraction of three private RSA keys are leaked. In Takagi's case, we find that the asymmetricity in two factors of the modulus give some effects on the resistance against the attack.