Abstract
In this paper, we study the security bounds of d for the Common Prime version of Murru and Saettone’s RSA cyptosystem. We show that this variant of RSA can be broken if \(d<N^{\frac{3}{2}-\frac{\alpha }{2}+\epsilon }\), where \(\alpha =\log _Ne\), and \(\epsilon \) is a small constant. By using Jochemsz and May’s extended strategy, we improve this bound to \(\delta <\min \{1,\frac{7-2\sqrt{3\alpha +1}}{3}+\epsilon \}\). Notice that if e is a full size exponent, the bound for d turns to be \(d<N^{0.5695+\epsilon }\). Compared with the bound of d in the classical Common Prime RSA cryptosystem, that is \(d<N^{\frac{1}{4}(4+4\gamma -\sqrt{13+20\gamma +4\gamma ^2})}\), where \(\gamma =\log _Ng<\frac{1}{2}\), and \(g=gcd(\frac{p-1}{2},\frac{q-1}{2})\), Murru and Saettone’s variant should be used with more care. Our algorithms apply Coppersmith’s method for solving trivariate polynomial equations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Aono, Y.: A new lattice construction for partial key exposure attack for RSA. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 34–53. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00468-1_3
Bauer, A., Vergnaud, D., Zapalowicz, J.-C.: Inferring sequences produced by nonlinear pseudorandom number generators using coppersmith’s methods. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 609–626. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30057-8_36
Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178–189. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_16
Coppersmith, D.: Finding a small root of a univariate modular equation. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 155–165. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_14
Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)
Gómez-Pérez, D., Gutierrez, J., Ibeas, Á.: Attacking the pollard generator. IEEE Trans. Inf. Theory 52(12), 5518–5523 (2006)
Herrmann, M.: Improved cryptanalysis of the multi-prime \(\varphi \) - hiding assumption. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 92–99. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21969-6_6
Herrmann, M., May, A.: Attacking power generators using unravelled linearization: when do we output too much? In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 487–504. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_29
Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0024458
Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267–282. Springer, Heidelberg (2006). https://doi.org/10.1007/11935230_18
Kakvi, S.A., Kiltz, E., May, A.: Certifying RSA. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 404–414. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_25
Kiltz, E., O’Neill, A., Smith, A.: Instantiability of RSA-OAEP under chosen-plaintext Attack. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 295–313. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_16
Lenstra, H., Lenstra, A.K., Lovász, L.: Factoring polynomials with rational coefficients (1982)
May, A.: New RSA vulnerabilities using lattice reduction methods. Ph.D. thesis, University of Paderborn (2003)
May, A.: Secret exponent attacks on RSA-type schemes with moduli N = p\({}^{\text{r}}\)q. In: Bao, F., Deng, R., Zhou, J. (eds) PKC 2004. LNCS, vol. 2947, pp. 218-230. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24632-9_16
May, A.: Using LLL-reduction for solving RSA and factorization problems. In: Nguyen, P.Q., Vallée, B. (eds.) The LLL Algorithm - Survey and Applications. Information Security and Cryptography, pp. 315–348. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-02295-1_10
Murru, N., Saettone, F.M.: A novel RSA-like cryptosystem based on a generalization of the Rédei rational functions. In: Kaczorowski, J., Pieprzyk, J., Pomykała, J. (eds.) NuTMiC 2017. LNCS, vol. 10737, pp. 91–103. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76620-1_6
Nitaj, A., Ariffin, M.R.B.K., Adenan, N.N.H., Abu, N.A.: Classical attacks on a variant of the RSA cryptosystem. In: Longa, P., Ràfols, C. (eds.) LATINCRYPT 2021. LNCS, vol. 12912, pp. 151–167. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-88238-9_8
Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Sarkar, S.: Reduction in lossiness of RSA trapdoor permutation. In: Bogdanov, A., Sanadhya, S. (eds.) SPACE 2012. LNCS, vol. 7644, pp. 144–152. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34416-9_10
Sarkar, S., Maitra, S.: Cryptanalysis of RSA with two decryption exponents. Inf. Process. Lett. 110(5), 178–181 (2010)
Susilo, W., Tonien, J.: A wiener-type attack on an RSA-like cryptosystem constructed from cubic Pell equations. Theor. Comput. Sci. 885, 125–130 (2021)
Takayasu, A., Kunihiro, N.: How to generalize RSA cryptanalyses. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 67–97. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49387-8_4
Tosu, K., Kunihiro, N.: Optimal bounds for multi-prime \(\varPhi \)-hiding assumption. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol. 7372, pp. 1–14. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31448-3_1
van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_2
Zheng, M., Hu, H.: Cryptanalysis of prime power RSA with two private exponents. Sci. China Inf. Sci. 58(11), 1–8 (2015)
Zheng, M., Kunihiro, N., Yao, Y.: Cryptanalysis of the RSA variant based on cubic Pell equation. Theor. Comput. Sci. 889, 135–144 (2021)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Zhang, X., Liu, Y., Chen, Y. (2022). Attack on the Common Prime Version of Murru and Saettone’s RSA Cryptosystem. In: Ryan, P.Y., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2021. Lecture Notes in Computer Science, vol 13195. Springer, Cham. https://doi.org/10.1007/978-3-031-17510-7_3
Download citation
DOI: https://doi.org/10.1007/978-3-031-17510-7_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17509-1
Online ISBN: 978-3-031-17510-7
eBook Packages: Computer ScienceComputer Science (R0)