Abstract
This paper discusses the factorization of the RSA modulus N (i.e., N = pq, where p, q are primes of the same bit size) by reconstructing the primes from randomly known bits. The reconstruction method is a modified brute-force search that exploits the known bits to prune wrong branches of the search tree, thereby reducing the total search space needed for factorization. Here we revisit the work of Heninger and Shacham in Crypto 2009 and provide a combinatorial model for the search when some random bits of the primes are known. This shows how one can factorize N given the knowledge of random bits in the least significant halves of the primes. We also explain a lattice-based strategy in this direction. More importantly, we study how N can be factored given the knowledge of some blocks of bits in the most significant halves of the primes. We present improved theoretical results and experimental evidence in this direction.
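The branch-and-prune reconstruction of p and q from N and randomly known bits that the abstract describes, as an added Python example (not the paper's or Heninger and Shacham's own code): it assumes a constructed toy pair of 17-bit primes and a seeded random known-bit mask, and reports how wide the pruned search tree gets.

```python
import random

def hs_reconstruct_pq(N, known_p, known_q, nbits, max_width=1 << 16):
    """Reconstruct p and q from N and randomly known bits of p and q (branch-and-prune).

    known_p / known_q: {bit_index: bit_value} for the bits assumed known.
    Candidates are grown from the LSB upward: once p and q are fixed modulo 2^i,
    p*q == N (mod 2^(i+1)) determines p_i XOR q_i, so each level branches at most
    two ways, and a known bit of p or q at that position prunes the disagreeing branch.
    Returns ((p, q) with p <= q, or None) together with the widest level of the tree;
    raises if the tree grows past max_width (too few known bits to prune).
    """
    if N % 2 == 0:
        raise ValueError("N must be odd")
    if known_p.get(0, 1) != 1 or known_q.get(0, 1) != 1:
        return None, 0  # both primes are odd: a known 0 at bit 0 is a contradiction
    cands = [(1, 1)]
    widest = 1
    for i in range(1, nbits):
        nxt = []
        for p, q in cands:
            # (p + a*2^i)(q + b*2^i) == N (mod 2^(i+1))  =>  a + b == ((N - p*q) >> i) (mod 2)
            t = ((N - p * q) >> i) & 1
            for a in (0, 1):
                b = a ^ t
                if known_p.get(i, a) != a or known_q.get(i, b) != b:
                    continue
                nxt.append((p | (a << i), q | (b << i)))
        cands = nxt
        widest = max(widest, len(cands))
        if widest > max_width:
            raise RuntimeError("search tree too wide: not enough known bits to prune")
    for p, q in cands:
        if p * q == N:
            return (min(p, q), max(p, q)), widest
    return None, widest

def demo(frac=0.55, seed=7):
    # Constructed toy key: two 17-bit primes, far too small for real RSA.
    p, q = 65537, 65539
    N, nbits = p * q, 17
    rng = random.Random(seed)
    # Reveal each bit of p and of q independently with probability frac.
    known_p = {i: (p >> i) & 1 for i in range(nbits) if rng.random() < frac}
    known_q = {i: (q >> i) & 1 for i in range(nbits) if rng.random() < frac}
    return hs_reconstruct_pq(N, known_p, known_q, nbits)

if __name__ == "__main__":
    print(demo())
```

With no known bits at all the tree doubles at every level (an exhaustive search); the pruned run in demo() stays far narrower, which is the effect the abstract's combinatorial model quantifies.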
References
Boneh, D.: Twenty Years of Attacks on the RSA Cryptosystem. Notices of the AMS 46(2), 203–213 (1999)
Boneh, D., Durfee, G., Frankel, Y.: Exposing an RSA Private Key Given a Small Fraction of its Bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 25–34. Springer, Heidelberg (1998)
Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, Heidelberg (1996)
Coppersmith, D.: Small Solutions to Polynomial Equations and Low Exponent Vulnerabilities. Journal of Cryptology 10(4), 223–260 (1997)
Heninger, N., Shacham, H.: Reconstructing RSA Private Keys from Random Key Bits. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 1–17. Springer, Heidelberg (2009)
Herrmann, M., May, A.: Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 406–424. Springer, Heidelberg (2008)
Howgrave-Graham, N.: Finding Small Roots of Univariate Modular Equations Revisited. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997)
Jochemsz, E., May, A.: A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267–282. Springer, Heidelberg (2006)
Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring Polynomials with Rational Coefficients. Mathematische Annalen 261, 513–534 (1982)
May, A.: Using LLL-Reduction for Solving RSA and Factorization Problems: A Survey. In: LLL+25 Conference in honour of the 25th birthday of the LLL algorithm (2007), http://www.cits.rub.de/personen/may.html
Rivest, R.L., Shamir, A.: Efficient Factoring based on Partial Information. In: Pichler, F. (ed.) EUROCRYPT 1985. LNCS, vol. 219, pp. 31–34. Springer, Heidelberg (1986)
Rivest, R.L., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM 21(2), 158–164 (1978)
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Maitra, S., Sarkar, S., Sen Gupta, S. (2010). Factoring RSA Modulus Using Prime Reconstruction from Random Known Bits. In: Bernstein, D.J., Lange, T. (eds.) Progress in Cryptology – AFRICACRYPT 2010. Lecture Notes in Computer Science, vol. 6055. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12678-9_6
DOI: https://doi.org/10.1007/978-3-642-12678-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12677-2
Online ISBN: 978-3-642-12678-9