Low Secret Exponent RSA Revisited

  • Conference paper
  • Cryptography and Lattices (CaLC 2001)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2146)

Abstract

We present a lattice attack on low exponent RSA with short secret exponent $d = N^{\delta}$ for every $\delta < 0.29$. The attack is a variation of an approach by Boneh and Durfee [4] based on lattice reduction techniques and Coppersmith’s method for finding small roots of modular polynomial equations. Although our results are slightly worse than the results of Boneh and Durfee, they have several interesting features. We partially analyze the structure of the lattices we are using. For most $\delta < 0.29$ our method requires lattices of smaller dimension than the approach by Boneh and Durfee. Hence, we get a more practical attack on low exponent RSA. We demonstrate this by experiments, where $\delta < 0.265$.

Our method, as well as the method by Boneh and Durfee, is heuristic, since it is based on Coppersmith’s approach for bivariate polynomials. Coppersmith [6] pointed out that this heuristic must fail in some cases. We argue in this paper that a (practically not interesting) variant of the Boneh/Durfee attack proposed in [4] always fails. Many authors have already stressed the necessity for rigorous proofs of Coppersmith’s method in the multivariate case. This is even more evident in light of these results.


References

  1. D. Bleichenbacher, “On the Security of the KMOV public key cryptosystem”, Proc. of Crypto’97
  2. D. Boneh, “Twenty years of attacks on the RSA cryptosystem”, Notices of the AMS, 1999
  3. D. Boneh, G. Durfee, “Cryptanalysis of RSA with private key d less than $N^{0.292}$”, Proc. Eurocrypt’99
  4. D. Boneh, G. Durfee, “Cryptanalysis of RSA with private key d less than $N^{0.292}$”, IEEE Trans. on Information Theory, vol. 46(4), 2000
  5. H. Cohen, “A Course in Computational Algebraic Number Theory”, Springer Verlag, 1996
  6. D. Coppersmith, “Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities”, Journal of Cryptology 10(4), 1997
  7. D. Cox, J. Little, D. O’Shea, “Ideals, Varieties and Algorithms”, Springer Verlag, 1992
  8. G. Durfee, P. Nguyen, “Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt’99”, Proc. of Asiacrypt 2000
  9. M. Gruber, C.G. Lekkerkerker, “Geometry of Numbers”, North-Holland, 1987
  10. G.H. Hardy, E.M. Wright, “An Introduction to the Theory of Numbers”, Oxford University Press, 1979
  11. N. Howgrave-Graham, “Finding small roots of univariate modular equations revisited”, Proc. of Cryptography and Coding, LNCS 1355, Springer-Verlag, 1997
  12. C. Jutla, “On finding small solutions of modular multivariate polynomial equations”, Proc. of Eurocrypt’98
  13. A. Lenstra, H. Lenstra and L. Lovász, “Factoring polynomials with rational coefficients”, Mathematische Annalen, 1982
  14. P. Nguyen, J. Stern, “Lattice Reduction in Cryptology: An Update”, Algorithmic Number Theory Symposium ANTS-IV, 2000
  15. R. Rivest, A. Shamir and L. Adleman, “A method for obtaining digital signatures and public key cryptosystems”, Communications of the ACM, volume 21, 1978
  16. C.P. Schnorr, “A hierarchy of polynomial time lattice basis reduction algorithms”, Theoretical Computer Science, volume 53, 1987
  17. C.L. Siegel, “Lectures on the Geometry of Numbers”, Springer Verlag, 1989
  18. V. Shoup, Number Theory Library (NTL), http://www.cs.wisc.edu/~shoup/ntl
  19. E. Verheul, H. van Tilborg, “Cryptanalysis of less short RSA secret exponents”, Applicable Algebra in Engineering, Communication and Computing, Springer Verlag, vol. 8, 1997
  20. M. Wiener, “Cryptanalysis of short RSA secret exponents”, IEEE Transactions on Information Theory, vol. 36, 1990


Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Blömer, J., May, A. (2001). Low Secret Exponent RSA Revisited. In: Silverman, J.H. (eds) Cryptography and Lattices. CaLC 2001. Lecture Notes in Computer Science, vol 2146. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44670-2_2

  • DOI: https://doi.org/10.1007/3-540-44670-2_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42488-8

  • Online ISBN: 978-3-540-44670-5

  • eBook Packages: Springer Book Archive
