Abstract
RSA is a well-known public-key cryptosystem whose security rests on the hardness of factoring large integers. Several attacks have been proposed that use partial information about the secret parameters, which can be obtained through side-channel attacks. Partial key exposure attacks exploit the information gained from one or more side-channel attacks and assess how much of the RSA cryptosystem's strength remains once an attacker knows that partial information. In this paper, we investigate the strength of RSA when an attacker obtains some blocks of the secret exponent and successfully guesses a few most significant bits (MSBs) of either of the primes. Some blocks of the secret exponent can be extracted by a cold boot attack, and a few MSBs of either prime can be guessed correctly. We apply the LLL algorithm to attack RSA and follow the Jochemsz and May approach to construct the lattice.
References
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Wiener, M.: Cryptanalysis of short RSA secret exponents. IEEE Trans. Inf. Theory 36, 553–558 (1990)
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N^0.292. IEEE Trans. Inf. Theory 46(4), 1339–1349 (2000)
Blömer, J., May, A.: Low secret exponent RSA revisited. In: Silverman, J.H. (ed.) CaLC, Lecture Notes in Computer Science, vol. 2146, pp. 4–19. Springer (2001)
de Weger, B.: Cryptanalysis of RSA with small prime difference. Appl. Algebra Eng. Commun. Comput. 13(1), 17–28 (2002)
Santosh Kumar, R., Narasimham, C., Pallamsetty, S.: Cryptanalysis of RSA with a small prime difference by using unravelled linearization. Int. J. Comput. Appl. 61(3), 14–16 (2013)
Santosh Kumar, R., Krishna, S.R.M.: Cryptanalysis of RSA with small difference of primes and two decryption exponents: Jochemsz and May approach. Cryptologia (2022)
Takayasu, A., Kunihiro, N.: Cryptanalysis of RSA with multiple secret exponents. In: Takayasu, A., Kunihiro, N. (eds.) ACISP, Lecture Notes in Computer Science, vol. 8544, pp. 176–191. Springer, NSW, Australia (2014)
Sarkar, S., Maitra, S.: Cryptanalysis of RSA with more than one decryption exponent. Inf. Process. Lett. 110(8–9), 336–340 (2009)
Sarkar, S., Maitra, S.: Cryptanalysis of RSA with two decryption exponents. Inf. Process. Lett. 110(5), 178–181 (2010)
Susilo, W., Tonien, J., Yang, G.: Divide and capture: an improved cryptanalysis of the encryption standard algorithm RSA. Comput. Stand. Interfaces 74, 103470 (2021)
Nitaj, A., Ariffin, M.R.K., Adenan, N.N.H., Merenda, D.S., Ahmadian, A.: Exponential increment of RSA attack range via lattice-based cryptanalysis. Multimedia Tools Appl. 40, 1–16 (2021)
Luo, P., Zhou, H., Wang, D., Dai, Y.: Cryptanalysis of RSA for a special case with d > e. Sci. China Ser. F Inf. Sci. 52(4), 609–616 (2009)
Mumtaz, M., Ping, L.: An improved cryptanalysis for large RSA decryption exponent with constrained secret key. Int. J. Inf. Comput. Secur. 14(2), 102–117 (2019)
Rivest, R.L., Shamir, A.: Efficient factoring based on partial information. In: Pichler, F. (ed.) EUROCRYPT, Lecture Notes in Computer Science, vol. 219, pp. 31–34. Springer (1986)
Coppersmith, D.: Finding a small root of a univariate modular equation. In: Maurer, U.M. (ed.) EUROCRYPT, Lecture Notes in Computer Science, vol. 1070, pp. 155–165. Springer (1996)
Lenstra, A.K., Lenstra, H.W., Jr., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)
Coppersmith, D.: Finding a small root of a bivariate integer equation: factoring with high bits known. In: Maurer, U.M. (ed.) EUROCRYPT, Lecture Notes in Computer Science, vol. 1070, pp. 178–189. Springer (1996)
Boneh, D., Durfee, G., Frankel, Y.: An attack on RSA given a small fraction of the private key bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT, Lecture Notes in Computer Science, vol. 1514, pp. 25–34. Springer (1998)
Blömer, J., May, A.: New partial key exposure attacks on RSA. In: Boneh, D. (ed.) CRYPTO, Lecture Notes in Computer Science, vol. 2729, pp. 27–43. Springer, New York (2003)
Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial key exposure attacks on RSA up to full size exponents. In: Cramer, R. (ed.) EUROCRYPT, Lecture Notes in Computer Science, vol. 3494, pp. 371–386. Springer (2005)
Sarkar, S., Maitra, S.: Partial key exposure attacks on RSA and its variant by guessing a few bits of one of the prime factors. Bull. Korean Math. Soc. 46(4), 721–741 (2009)
Aono, Y.: A new lattice construction for partial key exposure attack for RSA. In: Jarecki, S., Tsudik, G. (eds.) Public Key Cryptography, Lecture Notes in Computer Science, vol. 5443, pp. 34–53. Springer (2009)
Takayasu, A., Kunihiro, N.: Partial key exposure attacks on RSA: achieving the Boneh-Durfee bound. In: Joux, A., Youssef, A.M. (eds.) Selected Areas in Cryptography—SAC 2014—21st International Conference, Lecture Notes in Computer Science, vol. 8781, pp. 345–362. Springer (2014)
Joye, M., Lepoint, T.: Partial key exposure on RSA with private exponents larger than N. In: Proceedings of the 8th International Conference on Information Security Practice and Experience, vol. 7232, pp. 369–380 (2012)
Takayasu, A., Kunihiro, N.: A tool kit for partial key exposure attacks on RSA. In: Handschuh, H. (ed.) Topics in Cryptology—CT-RSA 2017—The Cryptographers' Track at the RSA Conference 2017, Lecture Notes in Computer Science, vol. 10159, pp. 58–73. Springer (2017)
Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold boot attacks on encryption keys. In: 17th USENIX Security Symposium, San Jose, CA (2008)
Sarkar, S.: Partial key exposure: generalized framework to attack RSA. In: Bernstein, D.J., Chatterjee, S. (eds.) INDOCRYPT, Lecture Notes in Computer Science, vol. 7107, pp. 76–92. Springer (2011)
Boneh, D.: Twenty years of attacks on the RSA cryptosystem. Not. Am. Math. Soc. 46(2), 203–213 (1999)
Mumtaz, M., Ping, L.: Forty years of attacks on the RSA cryptosystem: a brief survey. J. Discrete Math. Sci. Cryptogr. 22(1), 9–29 (2019)
Bernstein, D.J., et al.: Factoring RSA keys from certified smart cards: Coppersmith in the wild. In: Sako, K., Sarkar, P. (eds.) Advances in Cryptology—ASIACRYPT 2013, Lecture Notes in Computer Science, vol. 8270. Springer (2013)
Proos, J.A.: Imperfect Decryption and Partial Information Attacks in Cryptography. Ph.D. thesis, University of Waterloo (2003)
Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) IMA International Conference, Lecture Notes in Computer Science, vol. 1355, pp. 131–142. Springer (1997)
Coron, J.-S.: Finding small roots of bivariate integer polynomial equations revisited. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT, Lecture Notes in Computer Science, vol. 3027, pp. 492–505. Springer (2004)
Jochemsz, E.: Cryptanalysis of RSA Variants Using Small Roots of Polynomials. Ph.D. thesis, Technische Universiteit Eindhoven (2007)
Jochemsz, E., de Weger, B.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT, Lecture Notes in Computer Science, vol. 4284, pp. 267–282. Springer (2007)
Herrmann, M., May, A.: On factoring arbitrary integers with known bits. Cryptology ePrint Archive, Report 374 (2007)
Suzuki, K., Takayasu, A., Kunihiro, N.: Extended partial key exposure attacks on RSA: improvement up to full size decryption exponents. Theoret. Comput. Sci. 841, 62–83 (2020)
The Sage Developers (Stein, W., Joyner, D., Kohel, D., Cremona, J., Eröcal, B.): SageMath. http://www.sagemath.org
Conflict of interest
The authors declare that there is no conflict of interest.
Cite this article
Ravva, S., Prakash, K.L.N.C. & Krishna, S.R.M. Partial key exposure attack on RSA using some private key blocks. J Comput Virol Hack Tech 20, 185–193 (2024). https://doi.org/10.1007/s11416-023-00507-9