Abstract
Let \(N = pq\) be an LSBS-RSA modulus where the primes \(p\) and \(q\) have the same bit-length and share the \(m\) least significant bits, and \((p-1, q-1) = 2\). Given \((N, e)\) with \(e\in \mathbb{Z}_{\frac{\phi(N)}{4}}^*\) that satisfies \(e w+z\cdot 2^{2(m-1)} =0 \pmod{\phi(N)/4}\) with \(0<w\leq \frac{1}{9}\sqrt{\frac{\phi(N)}{e}}N^{\frac{1}{4}+\theta}\) and \(|z|\leq c\frac{e w}{\phi(N)}N^{\frac{1}{4}-\theta}\), we can find \(p\) and \(q\) in polynomial time. We show that the number of these weak keys \(e\) is at least \(N^{\frac{3}{4}+\theta-\varepsilon}\), where \(\theta = m/\log_2 N\), and there exists a probabilistic algorithm that can factor \(N\) in time \(O(N^{\frac{1}{4}-\theta+\varepsilon})\).
This research is partially supported by Project 973 (no: 2007CB807902) and the natural science foundation in Shandong province (no: Y2008A22) in China.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Meng, X., Bi, J. (2010). Weak Keys in RSA with Primes Sharing Least Significant Bits. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds) Information Security and Cryptology. Inscrypt 2009. Lecture Notes in Computer Science, vol 6151. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16342-5_20
DOI: https://doi.org/10.1007/978-3-642-16342-5_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16341-8
Online ISBN: 978-3-642-16342-5
eBook Packages: Computer Science (R0)