Abstract
In CRYPTO 2009, Heninger and Shacham presented a new method of recovering RSA private keys bit by bit given a fraction of private data, and analyzed resistance of RSA against the attack. They obtained a system of relations between RSA private variables and calculated the expected number of solution candidates. As they dealt with only RSA case, we consider the case that the system of equations is given in more general linear form. We show that the complexity of their attack depends only on the number of variables, the number of ambiguous variables, and the degree of freedom. As concrete examples, we apply the attack to Paillier cryptosystem and Takagi’s variant of RSA, and analyze their resistance against the attack. In Pailiier’s case, its resistance is almost the same as the case when a fraction of three private RSA keys are leaked. In Takagi’s case, we find that the asymmetricity in two factors of the modulus give some effects on the resistance against the attack.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Boneh, D., Durfee, G., Howgrave-Graham, N.: Factoring N = pq for Large r. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 326–337. Springer, Heidelberg (1999)
Coppersmith, D.: Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities. Journal of Cryptology, 233–260 (1997)
Dulmage, A.L., Mendelsohn, N.S.: Two Algorithms for Bipartite Graphs. J. Soc. Indust. Appl. Math. 11(1), 183–184 (1963)
Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest We Remember: Cold Boot Attacks on Encryption Keys. In: Proceedings of the 17th USENIX Security Symposium, pp. 45–60. USENIX Association (2008)
Henecka, W., May, A., Meurer, A.: Correcting Errors in RSA Private Keys. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 351–369. Springer, Heidelberg (2010)
Heninger, N., Shacham, H.: Reconstructing RSA Private Keys from Random Key Bits. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 1–17. Springer, Heidelberg (2009)
Maitra, S., Sarkar, S., Sen Gupta, S.: Factoring RSA Modulus Using Prime Reconstruction from Random Known Bits. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 82–99. Springer, Heidelberg (2010)
Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)
Rivest, R.L., Shamir, A.: Efficient Factoring Based on Partial Information. In: Pichler, F. (ed.) EUROCRYPT 1985. LNCS, vol. 219, pp. 31–34. Springer, Heidelberg (1986)
Takagi, T.: Fast RSA-type Cryptosystem Modulo p k q. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Heidelberg (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kogure, J., Kunihiro, N., Yamamoto, H. (2012). Generalized Security Analysis of the Random Key Bits Leakage Attack. In: Jung, S., Yung, M. (eds) Information Security Applications. WISA 2011. Lecture Notes in Computer Science, vol 7115. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27890-7_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-27890-7_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27889-1
Online ISBN: 978-3-642-27890-7
eBook Packages: Computer ScienceComputer Science (R0)