A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
On the Security of the KMOV Public Key Cryptosystem
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Generating RSA Keys on a Handheld Using an Untrusted Server
INDOCRYPT '00 Proceedings of the First International Conference on Progress in Cryptology
On the Design of RSA with Short Secret Exponent
ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt '99
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Finding Small Roots of Univariate Modular Equations Revisited
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Cryptanalysis of RSA with private key d less than N0.292
IEEE Transactions on Information Theory
On Some Attacks on Multi-prime RSA
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
On the uniformity of distribution of the decryption exponent in fixed encryption exponent RSA
Information Processing Letters
Partial Key Exposure Attack on CRT-RSA
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
On the uniformity of distribution of the decryption exponent in fixed encryption exponent RSA
Information Processing Letters
Finding small roots of bivariate integer polynomial equations: a direct approach
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
A polynomial time attack on RSA with private CRT-exponents smaller than N0.073
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Solving generalized small inverse problems
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Another look at small RSA exponents
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Partial key exposure attacks on RSA up to full size exponents
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
New attacks on RSA with small secret CRT-Exponents
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Efficient CRT-RSA decryption for small encryption exponents
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Cryptanalytic results on `Dual CRT' and `Common Prime' RSA
Designs, Codes and Cryptography
| Hi-index | 0.00 |
We present lattice-based attacks on RSA with prime factors p and q of unbalanced size. In our scenario, the factor q is smaller than N脽 and the decryption exponent d is small modulo p - 1. We introduce two approaches that both use a modular bivariate polynomial equation with a small root. Extracting this root is in both methods equivalent to the factorization of the modulus N = pq. Applying a method of Coppersmith, one can construct from a bivariate modular equation a bivariate polynomial f(x, y) over Z that has the same small root. In our first method, we prove that one can extract the desired root of f(x, y) in polynomial time. This method works up to 脽 d modulo p - 1 provided that 脽 驴 0.23.