Abstract
Recently, Bunder, Nitaj, Susilo and Tonien used the continued fraction method to solve for the unknowns of a modular equation that arises in three variants of the RSA cryptosystem, where the modular equation can be expressed as \(ed\equiv 1\,\mathrm {mod}\,(p^2-1)(q^2-1)\) and \(N=pq\) is an RSA modulus. According to their work, when the private key \(d \simeq N^{\delta }\) satisfies \(\delta < \frac{3-\alpha }{2}\) for \(\alpha \ge 1\), where \(e \simeq N^{\alpha }\), the modulus N can be factored in polynomial time. In this paper, we revisit their work and improve the previous bound to \(\delta < 2 - \sqrt{\alpha }\) for \(\alpha \ge 1\). More specifically, by using Coppersmith's method to solve for the unknowns of the modular equation and the unravelled linearization technique in the lattice construction, we successfully improve their result. Our attack is verified by experiments.
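To make the two bounds in the abstract concrete, the following Python script (an added example, not code from the paper or its authors) builds a toy key pair for the variant with \(ed\equiv 1\,\mathrm{mod}\,(p^2-1)(q^2-1)\), estimates the exponents \(\alpha\) and \(\delta\) as logarithm ratios, and reports whether the key falls inside the attack range of the earlier bound \(\delta < (3-\alpha)/2\) and of the improved bound \(\delta < 2-\sqrt{\alpha}\). It also shows that the improvement is exactly \((\sqrt{\alpha}-1)^2/2\), which is never negative for \(\alpha \ge 1\). The prime sizes (64-bit), the seed and the way \(d\) is sampled are assumptions chosen for a reproducible demonstration; the lattice attack itself is not implemented here.

```python
"""Toy instance of the RSA variant with e*d = 1 mod (p^2-1)(q^2-1) and a
key-size check against the two small-private-exponent bounds."""
import math
import random


def is_probable_prime(n, rng, rounds=25):
    """Miller-Rabin primality test (probabilistic; adequate for a toy example)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Random odd prime with exactly `bits` bits."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def keygen(prime_bits, delta, seed):
    """Construct N = pq and a pair (e, d) with e*d = 1 mod (p^2-1)(q^2-1).
    d is sampled with about delta * log2(N) bits so that d ~ N^delta, which is
    the quantity the bounds are stated in terms of. Deterministic per seed."""
    rng = random.Random(seed)
    p = random_prime(prime_bits, rng)
    q = random_prime(prime_bits, rng)
    while q == p:
        q = random_prime(prime_bits, rng)
    n = p * q
    phi2 = (p * p - 1) * (q * q - 1)
    d_bits = max(2, int(delta * n.bit_length()))
    while True:
        d = rng.getrandbits(d_bits) | (1 << (d_bits - 1)) | 1
        if math.gcd(d, phi2) == 1:  # d must be invertible modulo (p^2-1)(q^2-1)
            break
    e = pow(d, -1, phi2)  # modular inverse (Python 3.8+)
    return {"p": p, "q": q, "N": n, "phi2": phi2, "e": e, "d": d}


def exponents(key):
    """Estimate alpha and delta from e ~ N^alpha and d ~ N^delta (log ratios)."""
    ln_n = math.log(key["N"])
    return math.log(key["e"]) / ln_n, math.log(key["d"]) / ln_n


def previous_bound(alpha):
    """Bunder-Nitaj-Susilo-Tonien: keys with delta < (3-alpha)/2 are in range."""
    return (3 - alpha) / 2


def improved_bound(alpha):
    """This paper's bound: keys with delta < 2 - sqrt(alpha) are in range (alpha >= 1)."""
    return 2 - math.sqrt(alpha)


def bound_gain(alpha):
    """improved - previous = (sqrt(alpha) - 1)^2 / 2, so the new bound is never weaker."""
    return improved_bound(alpha) - previous_bound(alpha)


def classify(key):
    """Report the estimated exponents and which analysis covers this key."""
    alpha, delta = exponents(key)
    return {
        "alpha": alpha,
        "delta": delta,
        "previous_range": delta < previous_bound(alpha),
        "improved_range": delta < improved_bound(alpha),
    }


if __name__ == "__main__":
    # Constructed toy keys: 64-bit primes, private exponents of three sizes.
    for delta in (0.30, 0.55, 0.70):
        key = keygen(64, delta, seed=2017)
        assert (key["e"] * key["d"] - 1) % key["phi2"] == 0
        print(classify(key))
```

Because \(d\) is chosen first and \(e\) is its inverse modulo \((p^2-1)(q^2-1)\approx N^2\), the resulting \(\alpha\) is close to 2, where the earlier bound allows \(\delta < 0.5\) and the improved one \(\delta < 2-\sqrt{2}\approx 0.586\); a key with \(\delta\approx 0.55\) therefore lies in the gap the paper closes.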
References
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key \(d\) less than \(N^{0.292}\). IEEE Trans. Inf. Theory 46(4), 1339–1349 (2000)
Bosma, W., Cannon, J.J., Playoust, C.: The magma algebra system I: the user language. J. Symbolic Comput. 24(3–4), 235–265 (1997)
Bunder, M., Nitaj, A., Susilo, W., Tonien, J.: A new attack on three variants of the RSA cryptosystem. In: Liu, J.K., Steinfeld, R. (eds.) ACISP 2016. LNCS, vol. 9723, pp. 258–268. Springer, Cham (2016). doi:10.1007/978-3-319-40367-0_16
Castagnos, G.: An efficient probabilistic public-key cryptosystem over quadratic fields quotients. Finite Fields Appl. 13(3), 563–576 (2007)
Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptology 10(4), 233–260 (1997)
Elkamchouchi, H., Elshenawy, K., Shaban, H.: Extended RSA cryptosystem and digital signature schemes in the domain of gaussian integers. In: The International Conference on Communication Systems, vol. 1, pp. 91–95 (2002)
Herrmann, M., May, A.: Maximizing small root bounds by linearization and applications to small secret exponent RSA. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 53–69. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13013-7_4
Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997). doi:10.1007/BFb0024458
Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267–282. Springer, Heidelberg (2006). doi:10.1007/11935230_18
Jochemsz, E., May, A.: A polynomial time attack on RSA with private CRT-exponents smaller than \(N^{0.073}\). In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 395–411. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74143-5_22
Kuwakado, H., Koyama, K., Tsuruoka, Y.: A new RSA-type scheme based on singular cubic curves \(y^2\equiv x^3 + bx^2 \pmod n\). IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 78(1), 27–33 (1995)
Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)
Lu, Y., Zhang, R., Peng, L., Lin, D.: Solving linear equations modulo unknown divisors: revisited. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 189–213. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48797-6_9
May, A.: Secret exponent attacks on RSA-type schemes with moduli \(N=p^r q\). In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 218–230. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24632-9_16
Nguyen, P.Q., Vallée, B. (eds.): The LLL Algorithm - Survey and Applications. Series in Information Security and Cryptography. Springer, Heidelberg (2010)
Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Sarkar, S.: Small secret exponent attack on RSA variant with modulus \(N=p^{r}q\). Des. Codes Crypt. 73(2), 383–392 (2014)
Takayasu, A., Kunihiro, N.: How to generalize RSA cryptanalyses. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 67–97. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49387-8_4
Takagi, T.: Fast RSA-type cryptosystem modulo \(p^k q\). In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Heidelberg (1998). doi:10.1007/BFb0055738
Wiener, M.J.: Cryptanalysis of short RSA secret exponents. IEEE Trans. Inf. Theory 36(3), 553–558 (1990)
Acknowledgements
The authors would like to thank anonymous reviewers for their helpful comments and suggestions. The work of this paper was supported by the National Key Basic Research Program of China (Grants 2013CB834203 and 2011CB302400), the National Natural Science Foundation of China (Grants 61472417, 61402469, 61472416, 61502488 and 61272478), the Strategic Priority Research Program of Chinese Academy of Sciences under Grant XDA06010702 and XDA06010703, and the State Key Laboratory of Information Security, Chinese Academy of Sciences. Y. Lu is supported by Project CREST, JST.
© 2017 Springer International Publishing AG
Cite this paper
Peng, L., Hu, L., Lu, Y., Wei, H. (2017). An Improved Analysis on Three Variants of the RSA Cryptosystem. In: Chen, K., Lin, D., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2016. Lecture Notes in Computer Science(), vol 10143. Springer, Cham. https://doi.org/10.1007/978-3-319-54705-3_9
DOI: https://doi.org/10.1007/978-3-319-54705-3_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54704-6
Online ISBN: 978-3-319-54705-3