A course in number theory and cryptography
A course in number theory and cryptography
Algorithmic number theory
Algebraic aspects of cryptography
Algebraic aspects of cryptography
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
FC '00 Proceedings of the 4th International Conference on Financial Cryptography
Low-Cost Double-Size Modular Exponentiation or How to Stretch Your Cryptoprocessor
PKC '99 Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography
Factorization of a 512-bit RSA modulus
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
Today's cryptography using RSA is faced with the problem of increased bit length and so called fast on-card key generation -- both for security reasons. These two requirements often constitute a problem on existing cards as their arithmetic coprocessors are most often designed for a fixed bit length which is not suited for latest security demands. While the main problem, the overcoming of the computational limitations of the cards coprocessor can in principle be solved via recent efficient algorithms, the subproblem of computing the secret RSA exponents cannot be solved satisfactory by these algorithms. This is due to the fact that the key generation, including the secret RSA exponent, is done during the card personalization in the fab where production times are very costly. This article proposes a very simple, natural and efficient solution to this problem. Namely, computing the secret RSA exponent d via the Chinese Remainder Theorem (CRT) wrt. p - 1 and q - 1 where p and q denote the two secret primes of the the public modul N. We stress that it is impossible to use the CRT in a straightforward way, as p - 1 and q - 1 are not relatively prime. Nevertheless the solution to this problem is natural and very simple. However, as we have not found anywhere in the literature a hint on this very practical result, we felt to share it with the community.Moreover, we present another method to compute efficiently secret RSA exponents d for certain short public keys e which we have not seen so far in the public literature.