On the Security of RSA with Primes Sharing Least-Significant Bits

Applicable Algebra in Engineering, Communication and Computing

Abstract.

We investigate the security of a variant of the RSA public-key cryptosystem called LSBS-RSA, in which the modulus primes share a large number of least-significant bits. We show that low public-exponent LSBS-RSA is inherently resistant to Partial Key Exposure (PKE) attacks in which least-significant bits of the secret exponent are revealed to the attacker, and in particular that the Boneh-Durfee-Frankel PKE attack [5] on low public-exponent RSA is less effective for LSBS-RSA systems than for standard RSA. On the other hand, we show that large public-exponent LSBS-RSA is more vulnerable to such attacks than standard RSA. An application to server-aided RSA signature generation is proposed.

References

  1. Bach, E., Shallit, J.: Algorithmic Number Theory, Vol. I. MIT Press, Massachusetts, 1996

  2. Bellare, M., Rogaway, P.: The exact security of digital signatures: How to sign with RSA and Rabin. In: EUROCRYPT ‘96, volume 1070 of LNCS, Berlin, Springer-Verlag, 1996, pp. 399–416

  3. Blömer, J., May, A.: New Partial Key Exposure Attacks on RSA. In Crypto 2003, LNCS, Springer-Verlag, 2003, pp. 27–43

  4. Boneh, D.: Twenty years of attacks on the RSA cryptosystem. Notices of the American Mathematical Society (AMS) 46(2), 203–213 (1999)

  5. Boneh, D., Durfee, G., Frankel, Y.: An Attack on RSA Given a Small Fraction of the Private Key Bits. In: ASIACRYPT ‘98, volume 1514 of LNCS, Berlin, Springer-Verlag, 1998, pp. 25–34

  6. Boneh, D., Durfee, G., Frankel, Y.: Exposing an RSA Private Key Given a Small Fraction of its Bits. Available from author’s webpage at http://www2.parc.com/csl/members/gdurfee/pubs.htm, 2002. Revised version of Asiacrypt ‘98 paper

  7. Coppersmith, D.: Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities. J. Cryptology. 10, 233–260 (1997)

  8. de Weger, B.: Cryptanalysis of RSA with Small Prime Difference. Applicable Algebra in Engineering, Communication and Computing 13, 17–28 (2002)

  9. Goldwasser, S., Micali, S., Rivest, R.: A Digital Signature Scheme Secure against Adaptively Chosen Message Attacks. SIAM J. Comp. 17(2), 281–308 (1988)

  10. Hinek, M.J., Low, M.K., Teske, E.: On some Attacks on Multi-Prime RSA. Cryptology ePrint Archive, Report 2002/063, 2002, http://eprint.iacr.org/

  11. Lenstra, A.: Generating RSA Moduli with a Predetermined Portion. In: ASIACRYPT ‘98, volume 1514 of LNCS, Berlin, Springer-Verlag, 1998, pp. 1–10

  12. Lenstra, A.K.: Unbelievable Security: Matching AES Security Using Public Key Systems. In: Asiacrypt 2001, volume 2248 of LNCS, Berlin, Springer-Verlag, 2001, pp. 67–86

  13. Lidl, R., Niederreiter, H.: Finite Fields. Encyclopedia of Mathematics and its Applications. Cambridge University Press, 1997

  14. Matsumoto, T., Kato, K., Imai, H.: Speeding Up Secret Computations with Insecure Auxiliary Devices. In: CRYPTO ‘88, volume 403 of LNCS, Berlin, Springer-Verlag, 1989, pp. 497–506

  15. Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. Discrete mathematics and its applications. CRC Press, 1997

  16. National Bureau of Standards: Data Encryption Standard. Federal Information Processing Standards Publication 46-2, 1993

  17. Nguyen, P., Stern, J.: The Béguin-Quisquater Server-Aided RSA Protocol from Crypto ‘95 is not secure. In: ASIACRYPT ‘98, volume 1514 of LNCS, Berlin, Springer-Verlag, 1998, pp. 372–379

  18. Redmond, D.: Number Theory: an introduction. Number 201 in Monographs and textbooks in pure and applied mathematics. Marcel Dekker, 1996

  19. Rivest, R.L., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Commun. ACM 21(2), 120–128 (1978)

  20. Steinfeld, R., Zheng, Y.: An Advantage of Low-Exponent RSA with Modulus Primes Sharing Least Significant Bits. In: Topics in Cryptology - CT-RSA 2001, volume 2020 of LNCS, Berlin, Springer-Verlag, 2001, pp. 52–62

Author information

Correspondence to Ron Steinfeld.

Additional information

This is an extended version of an earlier paper presented at the Cryptographer’s Track RSA Conference (CT-RSA 2001), April 8-12 2001, San Francisco, USA [20].

This work was done while the author was at the School of Network Computing, Monash University, Frankston, Australia.

Acknowledgement. The authors would like to thank the anonymous referees of CT-RSA 2001 for their helpful comments on a preliminary version [20] of some of the results in this paper.

Cite this article

Steinfeld, R., Zheng, Y. On the Security of RSA with Primes Sharing Least-Significant Bits. AAECC 15, 179–200 (2004). https://doi.org/10.1007/s00200-004-0164-6
