Skip to main content
SpringerLink
Log in

Partial Key Exposure Attack on CRT-RSA

  • Conference paper
  • First Online:
Progress in Cryptology -- INDOCRYPT 2014 (INDOCRYPT 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8885))

Included in the following conference series:

Abstract

In Eurocrypt 2005, Ernst et al. proposed an attack on RSA allowing to recover the secret key when the most or least significant bits of the decryption exponent \(d\) are known. In Indocrypt 2011, Sarkar generalized this by considering the number of unexposed blocks in the decryption exponent is more than one. In this paper, for the first time, we study this situation for CRT-RSA. Further, we consider the case when random bits of one decryption exponent are exposed in this model. These results have implications in side channel attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bernstein, D.J.: Fast multiplication and its applications. Algorithmic number theory: lattices, number fields, curves and cryptography, vol. 44, pp. 325–384. Cambridge University Press, MSRI Publications (2008)

    Google Scholar 

  2. Bleichenbacher, D., May, A.: New Attacks on RSA with Small Secret CRT-Exponents. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 1–13. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  3. Blömer, J., May, A.: New Partial Key Exposure Attacks on RSA. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 27–43. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  4. Boneh, D., Durfee, G., Frankel, Y.: Exposing an RSA Private Key Given a Small Fraction of its Bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 25–34. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  5. Boneh, D., Durfee, G.: Cryptanalysis of RSA with Private Key \(d\) Less Than \(N^{0.292}\). IEEE Transactions on Information Theory 46(4), 1339–1349 (2000)

    Article  MathSciNet  MATH  Google Scholar 

  6. Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  7. Chen, Y., Nguyen, P.Q.: Faster Algorithms for Approximate Common Divisors: Breaking Fully-Homomorphic-Encryption Challenges over the Integers. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 502–519. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  8. Coppersmith, D.: Small solutions to polynomial equations and low exponent vulnerabilities. Journal of Cryptology 10(4), 223–260 (1997)

    Article  MathSciNet  Google Scholar 

  9. Coron, J.-S., Joux, A., Mandal, A., Naccache, D., Tibouchi, M.: Cryptanalysis of the RSA Subgroup Assumption from TCC 2005. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 147–155. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  10. Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial key exposure attacks on rsa up to full size exponents. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 371–386. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  11. Galbraith, S.D., Heneghan, C., McKee, J.F.: Tunable Balancing of RSA. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 280–292. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  12. Groth, J.: Cryptography in Subgroups of \(Z_n^*\). In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 50–65. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  13. Halderman, A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest We Remember: Cold Boot Attacks on Encryption Keys. In: USENIX Security Symposium (February 2008)

    Google Scholar 

  14. Heninger, N., Shacham, H.: Reconstructing RSA Private Keys from Random Key Bits. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 1–17. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  15. Herrmann, M., May, A.: Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 406–424. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  16. Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997)

    Google Scholar 

  17. Jochemsz, E., May, A.: A Polynomial Time Attack on RSA with Private CRT-Exponents Smaller Than N\(^{0.073}\). In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 395–411. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  18. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

    Google Scholar 

  19. Lenstra, A.K., Lenstra Jr, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261(4), 513–534 (1982)

    Article  Google Scholar 

  20. May, A.: Cryptanalysis of Unbalanced RSA with Small CRT-Exponent. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 242–256. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  21. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press (2001)

    Google Scholar 

  22. PKCS #1 standard for RSA. http://www.rsa.com/rsalabs/node.asp?id=2125

  23. Quisquater, J.-J., Couvreur, C.: Fast decipherment algorithm for RSA public-key cryptosystem. Electronic Letters 18, 905–907 (1982)

    Article  Google Scholar 

  24. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of ACM 21(2), 158–164 (1978)

    Article  MathSciNet  Google Scholar 

  25. Sarkar, S., Maitra, S.: Partial Key Exposure Attack on CRT-RSA. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 473–484. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  26. Sarkar, S.: Partial Key Exposure: Generalized Framework to Attack RSA. In: Bernstein, D.J., Chatterjee, S. (eds.) INDOCRYPT 2011. LNCS, vol. 7107, pp. 76–92. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  27. Takayasu, A., Kunihiro, N.: Better Lattice Constructions for Solving Multivariate Linear Equations Modulo Unknown Divisors. In: Boyd, C., Simpson, L. (eds.) ACISP. LNCS, vol. 7959, pp. 118–135. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  28. van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  29. Wiener, M.: Cryptanalysis of Short RSA Secret Exponents. IEEE Transactions on Information Theory 36(3), 553–558 (1990)

    Article  MathSciNet  MATH  Google Scholar 

  30. Yilek, S., Rescorla, E., Shacham, H., Enright, B., Savage, S.: When private keys are public. Results from the 2008 Debian OpenSSL debacle (May 2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Chennai Mathematical Institute, H1, SIPCOT IT Park, Siruseri, Kelambakkam, Chennai, 603103, India

    Santanu Sarkar

  2. Computer Science Unit, Indian Statistical Institute - Chennai Centre, MGR Knowledge City Road, Taramani, Chennai, 600113, India

    Ayineedi Venkateswarlu

Authors
  1. Santanu Sarkar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ayineedi Venkateswarlu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Santanu Sarkar .

Editor information

Editors and Affiliations

  1. Hochschule für Technik, Fachhochschule Nordwestschweiz, Windisch, Switzerland

    Willi Meier

  2. Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India

    Debdeep Mukhopadhyay

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Sarkar, S., Venkateswarlu, A. (2014). Partial Key Exposure Attack on CRT-RSA. In: Meier, W., Mukhopadhyay, D. (eds) Progress in Cryptology -- INDOCRYPT 2014. INDOCRYPT 2014. Lecture Notes in Computer Science(), vol 8885. Springer, Cham. https://doi.org/10.1007/978-3-319-13039-2_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-13039-2_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13038-5

  • Online ISBN: 978-3-319-13039-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation