Skip to main content

An Improved Analysis on Three Variants of the RSA Cryptosystem

  • Conference paper
  • First Online:
Information Security and Cryptology (Inscrypt 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10143))

Included in the following conference series:

Abstract

Recently, Bunder, Nitaj, Susilo and Tonien utilized the continued fraction method to solve for the unknowns of a modular equation which has been applied in three variants of RSA cryptosystem, where the modular equation can be expressed as \(ed\equiv 1\,\mathrm {mod}\,(p^2-1)(q^2-1)\) and \(N=pq\) is an RSA modulus. According to their work, when the private key \(d \simeq N^{\delta }\) satisfies that \(\delta < \frac{3-\alpha }{2}\) for \(\alpha \ge 1\), where \(e \simeq N^{\alpha }\), the modulus N can be factored in polynomial time. In this paper, we revisit their work and improve the previous bound to \(\delta < 2 - \sqrt{\alpha }\) for \(\alpha \ge 1\). More specifically, by utilizing Coppersmith’s method to solve for the unknowns of a modular equation and using unravelled linearization technique in the lattice construction, we can successfully improve their result. Our attack are verified by experiments.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key \(d\) less than \(N^{0.292}\). IEEE Trans. Inf. Theory 46(4), 1339–1349 (2000)

    Article  MathSciNet  MATH  Google Scholar 

  2. Bosma, W., Cannon, J.J., Playoust, C.: The magma algebra system I: the user language. J. Symbolic Comput. 24(3–4), 235–265 (1997)

    Article  MathSciNet  MATH  Google Scholar 

  3. Bunder, M., Nitaj, A., Susilo, W., Tonien, J.: A new attack on three variants of the RSA cryptosystem. In: Liu, J.K., Steinfeld, R. (eds.) ACISP 2016. LNCS, vol. 9723, pp. 258–268. Springer, Cham (2016). doi:10.1007/978-3-319-40367-0_16

    Chapter  Google Scholar 

  4. Castagnos, G.: An efficient probabilistic public-key cryptosystem over quadratic fields quotients. Finite Fields Appl. 13(3), 563–576 (2007)

    Article  MathSciNet  MATH  Google Scholar 

  5. Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptology 10(4), 233–260 (1997)

    Article  MathSciNet  MATH  Google Scholar 

  6. Elkamchouchi, H., Elshenawy, K., Shaban, H.: Extended RSA cryptosystem and digital signature schemes in the domain of gaussian integers. In: The International Conference on Communication Systems, vol. 1, pp. 91–95 (2002)

    Google Scholar 

  7. Herrmann, M., May, A.: Maximizing small root bounds by linearization and applications to small secret exponent RSA. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 53–69. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13013-7_4

    Chapter  Google Scholar 

  8. Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997). doi:10.1007/BFb0024458

    Chapter  Google Scholar 

  9. Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267–282. Springer, Heidelberg (2006). doi:10.1007/11935230_18

    Chapter  Google Scholar 

  10. Jochemsz, E., May, A.: A polynomial time attack on RSA with private CRT-exponents smaller than N 0.073. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 395–411. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74143-5_22

    Chapter  Google Scholar 

  11. Kuwakado, H., Koyama, K., Tsuruoka, Y.: A new RSA-type scheme based on singular cubic curves \(y^2\equiv x^3 + bx^2\,({}\, n)\). IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 78(1), 27–33 (1995)

    Google Scholar 

  12. Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)

    Article  MathSciNet  MATH  Google Scholar 

  13. Lu, Y., Zhang, R., Peng, L., Lin, D.: Solving linear equations modulo unknown divisors: revisited. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 189–213. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48797-6_9

    Chapter  Google Scholar 

  14. May, A.: Secret exponent attacks on RSA-type schemes with moduli N=p r q. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 218–230. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24632-9_16

    Chapter  Google Scholar 

  15. Nguyen, P.Q., Vallée, B. (eds.): The LLL Algorithm - Survey and Applications. Series in Information Security and Cryptography. Springer, Heidelberg (2010)

    MATH  Google Scholar 

  16. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

    Article  MathSciNet  MATH  Google Scholar 

  17. Sarkar, S.: Small secret exponent attack on RSA variant with modulus \(N=p^{r}q\). Des. Codes Crypt. 73(2), 383–392 (2014)

    Article  MathSciNet  MATH  Google Scholar 

  18. Takayasu, A., Kunihiro, N.: How to generalize RSA cryptanalyses. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 67–97. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49387-8_4

    Chapter  Google Scholar 

  19. Takagi, T.: Fast RSA-type cryptosystem modulo p k q. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Heidelberg (1998). doi:10.1007/BFb0055738

    Google Scholar 

  20. Wiener, M.J.: Cryptanalysis of short RSA secret exponents. IEEE Trans. Inf. Theory 36(3), 553–558 (1990)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Acknowledgements

The authors would like to thank anonymous reviewers for their helpful comments and suggestions. The work of this paper was supported by the National Key Basic Research Program of China (Grants 2013CB834203 and 2011CB302400), the National Natural Science Foundation of China (Grants 61472417, 61402469, 61472416, 61502488 and 61272478), the Strategic Priority Research Program of Chinese Academy of Sciences under Grant XDA06010702 and XDA06010703, and the State Key Laboratory of Information Security, Chinese Academy of Sciences. Y. Lu is supported by Project CREST, JST.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Yao Lu .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Peng, L., Hu, L., Lu, Y., Wei, H. (2017). An Improved Analysis on Three Variants of the RSA Cryptosystem. In: Chen, K., Lin, D., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2016. Lecture Notes in Computer Science(), vol 10143. Springer, Cham. https://doi.org/10.1007/978-3-319-54705-3_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-54705-3_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54704-6

  • Online ISBN: 978-3-319-54705-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics