Abstract
We present a lattice attack on low exponent RSA with short secret exponent d = N δ for every δ < 0.29. The attack is a variation of an approach by Boneh and Durfee [4] based on lattice reduction techniques and Coppersmith’s method for finding small roots of modular polynomial equations. Although our results are slightly worse than the results of Boneh and Durfee they have several interesting features. We partially analyze the structure of the lattices we are using. For most δ < 0.29 our method requires lattices of smaller dimension than the approach by Boneh and Durfee. Hence, we get a more practical attack on low exponent RSA. We demonstrate this by experiments, where δ < 0.265.
Our method, as well as the method by Boneh and Durfee, is heuristic, since the method is based on Coppersmith’s approach for bivariate polynomials. Coppersmith [6] pointed out that this heuristic must fail in some cases. We argue in this paper, that a (practically not interesting) variant of the Boneh/Durfee attack proposed in [4] always fails. Many authors have already stressed the necessity for rigorous proofs of Coppersmith’s method in the multivariate case. This is even more evident in light of these results.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
D. Bleichenbacher, “On the Security of the KMOV public key cryptosystem”, Proc. of Crypto’97
D. Boneh, “Twenty years of attacks on the RSA cryptosystem”, Notices of the AMS, 1999
D. Boneh, G. Durfee, “Cryptanalysis of RSA with private key d less than N0.292”, Proc. Eurocrypt’99
D. Boneh, G. Durfee, “Cryptanalysis of RSA with private key d less than N0.292”, IEEE Trans. on Information Theory, vol. 46(4), 2000
H. Cohen, “A Course in Computational Algebraic Number Theory”, Springer Verlag, 1996
D. Coppersmith, “Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities”, Journal of Cryptology 10(4), 1997
D. Cox, J. Little, D. O’Shea, “Ideals, Varieties and Algorithms”, Springer Verlag, 1992
G. Durfee, P. Nguyen, “Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt’99”, Proc. of Asiacrypt 2000
M. Gruber, C.G. Lekkerkerker, “Geometry of Numbers”, North-Holland, 1987
G.H. Hardy, E.M. Wright, “An Introduction to the Theory of Numbers”, Oxford University Press, 1979
N. Howgrave-Graham, “Finding small roots of univariate modular equations revisited”, Proc. of Cryptography and Coding, LNCS 1355, Springer-Verlag, 1997
C. Jutla, “On finding small solutions of modular multivariate polynomial equations”, Proc. of Eurocrypt’98
A. Lenstra, H. Lenstra and L. Lovasz, “Factoring polynomials with rational coefficients”, Mathematische Annalen, 1982
P. Nguyen, J. Stern, “Lattice Reduction in Cryptology: An Update”, Algorithmic Number Theory Symposium ANTS-IV, 2000
R. Rivest, A. Shamir and L. Adleman, “A method for obtaining digital signatures and public key cryptosystems”, Communications of the ACM, volume 21, 1978
C.P. Schnorr, “A hierarchy of polynomial time lattice basis reduction algorithms”, Theoretical Computer Science, volume 53, 1987
C.L. Siegel, “Lectures on the Geometry of Numbers”, Springer Verlag, 1989
V. Shoup, Number Theory Library (NTL), http://www.cs.wisc.edu/~shoup/ntl
E. Verheul, H. van Tilborg, “Cryptanalysis of less short RSA secret exponents”, Applicable Algebra in Engineering, Communication and Computing, Springer Verlag, vol. 8, 1997
M. Wiener, “Cryptanalysis of short RSA secret exponents”, IEEE Transactions on Information Theory, vol. 36, 1990
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Blömer, J., May, A. (2001). Low Secret Exponent RSA Revisited. In: Silverman, J.H. (eds) Cryptography and Lattices. CaLC 2001. Lecture Notes in Computer Science, vol 2146. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44670-2_2
Download citation
DOI: https://doi.org/10.1007/3-540-44670-2_2
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42488-8
Online ISBN: 978-3-540-44670-5
eBook Packages: Springer Book Archive