A hierarchy of polynomial time lattice basis reduction algorithms
Theoretical Computer Science
A course in computational algebraic number theory
A course in computational algebraic number theory
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
On the Security of the KMOV Public Key Cryptosystem
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt '99
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Finding Small Roots of Univariate Modular Equations Revisited
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Lattice Reduction in Cryptology: An Update
ANTS-IV Proceedings of the 4th International Symposium on Algorithmic Number Theory
Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, 3/e (Undergraduate Texts in Mathematics)
Cryptanalysis of RSA with private key d less than N0:292
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Cryptanalysis of RSA with private key d less than N0.292
IEEE Transactions on Information Theory
On Some Attacks on Multi-prime RSA
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
Toward a Rigorous Variation of Coppersmith's Algorithm on Three Variables
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
A New Class of Weak Encryption Exponents in RSA
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Improved Partial Key Exposure Attacks on RSA by Guessing a Few Bits of One of the Prime Factors
Information Security and Cryptology --- ICISC 2008
Low-cost client puzzles based on modular exponentiation
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Another look at small RSA exponents
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Converse results to the wiener attack on RSA
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Maximizing small root bounds by linearization and applications to small secret exponent RSA
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
A unified framework for small secret exponent attack on RSA
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
RSA vulnerabilities with small prime difference
WEWoRC'11 Proceedings of the 4th Western European conference on Research in Cryptology
On the improvement of fermat factorization
NSS'12 Proceedings of the 6th international conference on Network and System Security
On the improvement of Fermat factorization using a continued fraction technique
Future Generation Computer Systems
| Hi-index | 0.00 |
We present a lattice attack on low exponent RSA with short secret exponent d = Nδ for every δ 0.265. Our method, as well as the method by Boneh and Durfee, is heuristic, since the method is based on Coppersmith's approach for bivariate polynomials. Coppersmith [6] pointed out that this heuristic must fail in some cases. We argue in this paper, that a (practically not interesting) variant of the Boneh/Durfee attack proposed in [4] always fails. Many authors have already stressed the necessity for rigorous proofs of Coppersmith's method in the multivariate case. This is even more evident in light of these results.