Abstract
We address the problem of factoring a large RSA modulus \(N=pq\) where \(p\) and \(q\) share a portion of their bits in the middle. New polynomial-time algorithms for computing the prime decomposition of \(N\) under certain conditions are presented. As an application, several attacks against the RSA system using this class of moduli with a low public exponent are described. Our results suggest that such integers are not appropriate for cryptographic purposes.
Acknowledgements
This work is supported by the project PHC Maghreb 14MAG14.
Cite this article
Akchiche, O., Khadir, O. Factoring RSA moduli with primes sharing bits in the middle. AAECC 29, 245–259 (2018). https://doi.org/10.1007/s00200-017-0340-0
DOI: https://doi.org/10.1007/s00200-017-0340-0