Abstract
In this work we consider a variant of RSA whose public and private exponents can be chosen significantly smaller than in typical RSA. In particular, we show that it is possible to have private exponents smaller than N 1/4 which are resistant to all known small private exponent attacks. This allows for instances of RSA with short CRT-exponents and short public exponents. In addition, the number of bits required to store the private key information can be significantly reduced in this variant.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Blömer, J., May, A.: Low secret exponent RSA revisited. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 4–19. Springer, Heidelberg (2001)
Blömer, J., May, A.: New partial key exposure attacks on RSA. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 27–43. Springer, Heidelberg (2003)
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N 0.292. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 1–11. Springer, Heidelberg (1999)
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N 0.292. IEEE Transactions on Information Theory 46(4), 1339–1349 (2000)
Boneh, D., Durfee, G., Frankel, Y.: An attack on RSA given a small fraction of the private key bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 25–34. Springer, Heidelberg (1998)
Boneh, D., Durfee, G., Frankel, Y.: Exposing an RSA private key given a small fraction of its bits. Revised and extended version of proceedings of ASIACRYPT 1998 [5] (2001), Available at http://crypto.stanford.edu/~dabo/abstracts
Boneh, D., Shacham, H.: Fast variants of RSA. Cryptobytes 5(1), 1–9 (2002)
Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. Journal of Cryptology 10(4), 233–260 (1997)
Coron, J.-S.: Finding small roots of bivariate integer polynomial equations revisited. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 492–505. Springer, Heidelberg (2004)
Dujella, A.: Continued fractions and RSA with small secret exponent. Tatra Mt. Math. Publ. 29, 101–112 (2004)
Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial key exposure attacks on RSA up to full size exponents. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 371–387. Springer, Heidelberg (2005)
Galbraith, S.D., Heneghan, C., McKee, J.F.: Tunable balancing of RSA. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 280–292. Springer, Heidelberg (2005)
Girault, M.: An identity-based identification scheme based on discrete logorithms modulo a composite number. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 481–486. Springer, Heidelberg (1991)
Howgrave-Graham, N.A.: Finding small roots of univariate modular equations revisited. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997)
Lenstra, A.K.: Unbelievable security: Matching AES security using public key systems. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 67–86. Springer, Heidelberg (2001)
Lim, C.H., Lee, P.J.: Security and performance of server-aided RSA computation protocols. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 70–83. Springer, Heidelberg (1995)
May, A.: Cryptanalysis of unbalanced RSA with small CRT-exponent. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 242–256. Springer, Heidelberg (2002)
May, A.: Secret exponent attacks on RSA-type schemes with moduli N = p r q. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 218–230. Springer, Heidelberg (2004)
McKee, J., Pinch, R.G.E.: Further attacks on server-aided RSA cryptosystems (1998), Available at http://citeseer.ist.psu.edu/388295.html
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Commun. of the ACM 21, 120–126 (1978)
Steinfeld, R., Contini, S., Wang, H., Pieprzyk, J.: Converse results to the Wiener attack on RSA. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 184–198. Springer, Heidelberg (2005)
Sun, H.-M., Hinek, M.J., Wu, M.-E.: On the design of rebalanced RSA-CRT. Technical Report CACR 2005-35, Centre for Applied Cryptographic Research, University of Waterloo (2005), http://www.cacr.math.uwaterloo.ca/
Sun, H.-M., Wu, M.-E.: An approach towards rebalanced RSA-CRT with short public exponent. Cryptology ePrint Archive, Report 2005/053 (2005), http://eprint.iacr.org/
Sun, H.-M., Yang, C.-T.: RSA with balanced short exponents and its application to entity authentication. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 199–215. Springer, Heidelberg (2005)
Verheul, E.R., van Tilborg, H.C.A.: Cryptanalysis of ‘less short’ RSA secret exponents. Appl. Algebra Eng. Commun. Comput. 8(5), 425–435 (1997)
Wiener, M.: Cryptanalysis of short RSA secret exponents. IEEE Transactions on Information Theory 36(3), 553–558 (1990)
Zimmerman, P.: Integer factoring records (May 2005), http://www.loria.fr/~zimmerma/records/factor.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hinek, M.J. (2006). Another Look at Small RSA Exponents. In: Pointcheval, D. (eds) Topics in Cryptology – CT-RSA 2006. CT-RSA 2006. Lecture Notes in Computer Science, vol 3860. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11605805_6
Download citation
DOI: https://doi.org/10.1007/11605805_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31033-4
Online ISBN: 978-3-540-32648-9
eBook Packages: Computer ScienceComputer Science (R0)