On the Design of RSA with Short Secret Exponent
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Finding Small Roots of Univariate Modular Equations Revisited
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Lattice Reduction in Cryptology: An Update
ANTS-IV Proceedings of the 4th International Symposium on Algorithmic Number Theory
Cryptanalysis of RSA with private key d less than N0:292
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Estimating the Prime-Factors of an RSA Modulus and an Extension of the Wiener Attack
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
RSA with balanced short exponents and its application to entity authentication
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Hi-index | 0.48 |
At Asiacrypt '99, Sun, Yang and Laih proposed three different schemes of RSA cryptosystem to avoid all known attacks including Boneh-Durfee attack. One year after, Durfee and Nguyen attacked two out of these three schemes based on Coppersmith's lattice technique for finding small roots to trivariate modular polynomial equations. The bounds of private key for the first and third schemes were much improved, but the bound of the second scheme was not good enough. Our result improves Durfee and Nguyen's bound of the private exponent d from N0.483 to N0.486 for the second scheme. This implies the system is insecure if the private exponent d 0.486.