Skip to main content
SpringerLink
Log in

Cryptanalysis of RSA with composed decryption exponent with few most significant bits of one of the primes

  • Original Paper
  • Published:
Journal of Computer Virology and Hacking Techniques Aims and scope Submit manuscript

Abstract

RSA is well known public-key cryptosystem in modern-day cryptography. Since the inception of the RSA, several attacks have been proposed on RSA. The Boneh–Durfee attack is the most prominent and they showed that if the secrete exponent is less than 0.292, RSA is completely vulnerable. In this paper, we further investigate the vulnerability of RSA whenever a secret exponent is large and the composite form with a few most significant bits of one of the primes exposed. Having a large secret exponent can avoid the Boneh–Durfee attack, but in this attack, we show that even though the secret exponent is large and has some specialized structure then RSA is still vulnerable. We follow the Jochemsz and May strategy for constructing the lattice, and the LLL algorithm is used for lattice reduction. Our attack outperforms most of the previous attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM. ACM 21(2), 120–126 (1978)

    Article  MathSciNet  Google Scholar 

  2. Wiener, M.: Cryptanalysis of short RSA secret exponents. IEEE Trans. Inf. Theory 36, 553–558 (1990)

    Article  MathSciNet  Google Scholar 

  3. Boneh, D., Durfee, G.: Cryptanalysis of RSA with Private Key d Less than N^{0:292}. Advances in Cryptology—Proceedings of Eurocrypt '99, Lecture Notes in Computer Science 1952, pp. 1–11 (1999)

  4. Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol.Cryptol. 10(4), 233–260 (1997)

    Article  MathSciNet  Google Scholar 

  5. Lenstra, A.K., Lenstra, H.W., Lovasz, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)

    Article  MathSciNet  Google Scholar 

  6. Cohen, H.: A Course in Computational Algebraic Number, 2nd edn. Springer-Verlag, Berlin (1995)

    Google Scholar 

  7. de Weger, B.: Cryptanalysis of RSA with a small prime difference. Appl. Algebra Eng. Commun. Comput.Commun. Comput. 13(1), 17–28 (2002)

    MathSciNet  Google Scholar 

  8. Luo, P., Zhou, H., Wang, D., Dai, Y.: Cryptanalysis of RSA for a special case with \(d>e\). Science in China Press, Springer, vol. 52(4), pp. 609–616 (2008)

  9. Mumtaj, M., Ping, L.: An Improved Cryptanalysis of Large decryption exponent with constrained secret key. Int. J. Inf. Comput. Secur.Comput. Secur. 14(2), 102–117 (2021)

    Google Scholar 

  10. Cherkaoui-Semmouni, M., Nitaj, A., Susilo, W., Tonien, J.: Cryptanalysis of RSA variants with primes sharing most significant bits. In: Liu, J.K., Katsikas, S., Meng, W., Susilo, W., Intan, R. (eds.) Information Security. ISC 2021. Lecture Notes in Computer Science, vol. 13118. Springer, Cham (2021)

    Google Scholar 

  11. Mahad, Z., Ariffin, M.R.K., Ghafar, A.H.A., Salim, N.R.: Cryptanalysis of RSA-variant cryptosystem generated by potential rogue CA methodology. Symmetry 14, 1498 (2022)

    Article  ADS  Google Scholar 

  12. Ruzai, W.N.A.W.M., et al.: Increment of insecure RSA private exponent bound through perfect square RSA diophantine parameters cryptanalysis. Comput. Stand Interfaces 80, 103584 (2022)

    Article  Google Scholar 

  13. Boneh, D., Durfee, G., Frankel, Y.: Exposing an RSA private key given a small fraction of its bits. In: Asiacrypt’98, LNCS 1514, pp. 25–34. Springer-Verlag (1998)

  14. Blomer, J., May, A.: New partial key exposure attacks on RSA. In: Boneh, D. (ed.) CRYPTO, Lecture Notes in Computer Science, vol. 2729, pp. 27–43. Springer, Heidelberg (2003)

    Google Scholar 

  15. Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial exposure attacks on RSA up to full-size exponents. In: Cramer, R. (ed.) Advances in Cryptology Eurocrypt 2005. Lecture Notes in Computer Science, vol. 3494, pp. 371–386. Springer-Verlag, Berlin (2005)

    Chapter  Google Scholar 

  16. Aono, Y.: A new lattice construction for partial key exposure attack for RSA. In: Jarecki, S., Tsudik, G. (eds.) Public Key Cryptography, Volume 5443 of Lecture Notes in Computer Science, pp. 34–53. Springer, Berlin (2009)

    Google Scholar 

  17. Sarkar, S., Maitra, S.: Partial exposure attacks on RSA and its variants by considering a few bits of one of the prime factors. Bull. Korean Math. Soc.. Korean Math. Soc. 46(4), 721–741 (2009)

    Article  MathSciNet  Google Scholar 

  18. Sarkar, S.: Partial key exposure: generalized framework to attack RSA. In: Berstein, J., Chatterjee, S. (eds.) INDOCRYPT, Lecture Notes in Computer Science, vol. 7107, pp. 76–92. Springer, Berlin (2011)

    Google Scholar 

  19. Huang, Z., Hu, L., Xu, J.: Attacking RSA with a composed decryption exponent using unravelled linearization. In: 10th International Conference on Information Security and Cryptology, In Scrypt 2014, Dec 13–15, (2014)

  20. Huang, Z., Hu, L., Xu, J.: Attacking RSA with a composed decryption exponent using unravelled linearization. In: Lin, D., Yung, M., Zhou, J. (eds.) Information Security and Cryptology. Inscrypt 2014. Lecture Notes in Computer Science, vol. 8957. Springer, Cham (2012)

    Google Scholar 

  21. Sarkar, S., Maitra, S.: Cryptanalysis of RSA with two decryption exponents. Inf. Process. Lett. 110(5), 178–181 (2010)

    Article  MathSciNet  Google Scholar 

  22. Santosh Kumar, R., Krishna, S.R.M.: Cryptanalysis of RSA with the small difference of primes and two decryption exponents: Jochemsz and May approach. Cryptologia (2022). https://doi.org/10.1080/01611194.2022.2109943

    Article  Google Scholar 

  23. Hinek, M.J., Yam, C.C.Y.: Common modulus attacks on small private exponent RSA and some fast variants (in practice), Cryptology ePrint Archive, Report 2009/037 (2009)

  24. Rivest, R.L., Shamir, A.: Efficient Factoring based on partial information. In: Pichler, F. (ed.) EUROCRYPT, Lecture Notes in Computer Science, vol. 219, pp. 31–34. Springer, Berlin (1986)

    Google Scholar 

  25. Coppersmith, D.: Finding a small root of a bivariate integer equation: factoring with high bits known. In: Maurer, U.M. (ed.) EUROCRYPT, Lecture Notes in Computer Science, vol. 1070, pp. 178–189. Springer, Berlin (1996)

    Google Scholar 

  26. Boneh, D., Durfee, G., Frankel, Y.: An attack on RSA given a small fraction of the private key bits. In: Ohta, K., Pei, D. (eds.) ASIA-CRYPT, Lecture Notes in Computer Science, vol. 1514, pp. 25–34. Springer, Berlin (1998)

    Google Scholar 

  27. Hermann, M, May A.: On factoring arbitrary integers with known bits. Cryptology ePrint Archive, Report 374 (2007)

  28. Blomer, J., May, A.: Low secret exponent RSA revisited. In: Silverman, J.H. (ed.) CaLC, volume 2146 of Lecture Notes in Computer Science, pp. 4–19. Springer, Heidelberg (2001)

    Google Scholar 

  29. Nitaj, A.: A new attack on RSA with a composed decryption exponent. Int. J. Cryptogr. Inf. Secur. 3(4), 1121 (2013)

    Google Scholar 

  30. Takayasu, A., Kunihiro, N.: Partial key exposure attacks on RSA: achieving the Boneh–Durfee bound. Theor. Comput. Sci.. Comput. Sci. 761, 51–77 (2019)

    Article  MathSciNet  Google Scholar 

  31. Suzuki, K., Takayasu, A., Kunihiro, N.: Extended partial key exposure attacks on RSA: improvement up to full-size decryption exponents. Theor. Comput. Sci.. Comput. Sci. 841, 62–83 (2020)

    Article  MathSciNet  Google Scholar 

  32. Proos , J.A.: Imperfect Decryption and Partial Information Attacks in Cryptography. PhD thesis, University of Waterloo (2003)

  33. Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: ASIACRYPT 2006, LNCS, vol. 4284, pp. 267–282. Springer-Verlag (2006)

  34. Howgrave-Graham, N.: Finding small roots univariate modular equations revisited. In: cryptography and coding, LNCS 1355, pp. 131–142. Springer-Verlag (1997)

  35. Stein, W.A., et al.: Sage Mathematical Software. The Sage Development Team (2011), http://www.sagemath.org

Download references

Author information

Authors and Affiliations

  1. Vasavi College of Engineering, Hyderabad, India

    R. Santosh Kumar

  2. CVR College of Engineering, Ibrahimpatnam, India

    K. L. N. C. Prakash

  3. Chaitanya Bharathi Institute of Technology, Hyderabad, India

    S. R. M. Krishna

Authors
  1. R. Santosh Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. K. L. N. C. Prakash
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. S. R. M. Krishna
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to R. Santosh Kumar.

Ethics declarations

Conflict of interest

The authors declare that there is no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Santosh Kumar, R., Prakash, K.L.N.C. & Krishna, S.R.M. Cryptanalysis of RSA with composed decryption exponent with few most significant bits of one of the primes. J Comput Virol Hack Tech 20, 195–202 (2024). https://doi.org/10.1007/s11416-023-00508-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-023-00508-8

Keywords

Search

Navigation