Abstract
We consider an RSA variant with modulus \(N=p^rq\), known as Prime Power RSA. In PKC 2004, May proved that when the decryption exponent satisfies \(d<N^{\frac{r}{(r+1)^2}}\) or \(d< N^{\left( \frac{r-1}{r+1}\right)^2}\), one can factor \(N\) in polynomial time. In this paper, we improve this bound when \(r \le 5\). We provide detailed experimental results to justify our claim.
References
Bauer A., Joux A.: Toward a rigorous variation of Coppersmith’s algorithm on three variables. In: Eurocrypt 2007. LNCS, vol. 4515, pp. 361–378. Springer, Berlin, Heidelberg (2007).
Boneh D.: Twenty years of attacks on the RSA cryptosystem. Not. Am. Math. Soc. 46(2), 203–213 (1999).
Boneh D., Durfee G.: Cryptanalysis of RSA with private key \(d\) less than \(N^{0.292}\). In: Eurocrypt 1999. LNCS, vol. 1592, pp. 1–11. Springer, Berlin, Heidelberg (1999).
Boneh D., Durfee G.: Cryptanalysis of RSA with private key \(d\) less than \(N^{0.292}\). IEEE Trans. Inform. Theory 46(4), 1339–1349 (2000).
Boneh D., Durfee G., Howgrave-Graham N.: Factoring \(N = p^{r}q\) for large \(r\). In: Crypto 1999. LNCS, vol. 1666, pp. 326–337. Springer, Berlin, Heidelberg (1999).
Coppersmith D.: Small solutions to polynomial equations and low exponent vulnerabilities. J. Cryptol. 10(4), 223–260 (1997).
Cox D., Little J., O’Shea D.: Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, 3rd edn. Springer, New York (2007).
Durfee G., Nguyen P.: Cryptanalysis of the RSA schemes with short secret exponent from Asiacrypt ’99. In: Asiacrypt 2000. LNCS, vol. 1976, pp. 14–29. Springer, Berlin, Heidelberg (2000).
Fujioka A., Okamoto T., Miyaguchi S.: ESIGN: An efficient digital signature implementation for smart cards. In: Eurocrypt 1991. LNCS, vol. 547, pp. 446–457. Springer, Berlin, Heidelberg (1991).
Håstad J.: On using RSA with low exponent in public key network. In: Advances in Cryptology-CRYPTO’85 Proceedings. Lecture Notes in Computer Science, pp. 403–408. Springer, New York (1986).
Howgrave-Graham N.: Finding small roots of univariate modular equations revisited. In: Proceedings of IMA International Conference on Cryptography and Coding. LNCS, vol. 1355, pp. 131–142. Springer, Berlin, Heidelberg (1997).
Itoh K., Kunihiro N., Kurosawa K.: Small secret key attack on a variant of RSA (due to Takagi). In: CT-RSA 2008. LNCS, vol. 4964, pp. 387–406. Springer, Berlin, Heidelberg (2008).
Itoh K., Kunihiro N., Kurosawa K.: Small secret key attack on a Takagi’s variant of RSA. IEICE Trans. A 92(1), 33–41 (2009).
Jochemsz E.: Cryptanalysis of RSA variants using small roots of polynomials. Ph.D. Thesis, Technische Universiteit Eindhoven (2007).
Lenstra A.K., Lenstra Jr. H.W., Lovász L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 515–534 (1982).
Lenstra Jr. H.W.: Factoring integers with elliptic curves. Ann. Math. 126, 649–673 (1987).
May A.: Secret exponent attacks on RSA-type schemes with moduli \(N= p^{r}q\). In: PKC 2004. LNCS, vol. 2947, pp. 218–230. Springer, Berlin, Heidelberg (2004).
May A.: Using LLL-reduction for solving RSA and factorization problems: a survey. In: LLL\(+25\) Conference in Honour of the 25th Birthday of the LLL Algorithm. Springer, Berlin, Heidelberg (2007).
Okamoto T., Uchiyama S.: A New public key cryptosystem as secure as factoring. In: Eurocrypt 1998. LNCS, vol. 1403, pp. 308–318. Springer, Berlin, Heidelberg (1998).
Peralta R., Okamoto T.: Faster factoring of integers of special form. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. A E79(4), 489–493 (1996).
Rivest R.L., Shamir A., Adleman L.: A method for obtaining digital signatures and public key cryptosystems. Commun. ACM 21(2), 158–164 (1978).
Sun H.M., Yang W.C., Laih C.S.: On the design of RSA with short secret exponent. In: Asiacrypt 1999. LNCS, vol. 1716, pp. 150–164. Springer, Berlin, Heidelberg (1999).
Takagi T.: Fast RSA-type cryptosystem modulo \(p^{k}q\). In: Crypto 1998. LNCS, vol. 1462, pp. 318–326. Springer, Berlin, Heidelberg (1998).
Wiener M.: Cryptanalysis of short RSA secret exponents. IEEE Trans. Inform. Theory 36(3), 553–558 (1990).
Additional information
This is one of several papers published in Designs, Codes and Cryptography comprising the “Special Issue on Coding and Cryptography”.
This is a thoroughly revised and extended version of the paper “Small Secret Exponent Attack on RSA Variant with Modulus \(N=p^2q\)” that was presented at WCC 2013, April 15–19, 2013, Bergen, Norway. In this paper, we consider the general case \(N=p^rq\) for \(r \ge 2\).
About this article
Cite this article
Sarkar, S. Small secret exponent attack on RSA variant with modulus \(N=p^rq\). Des. Codes Cryptogr. 73, 383–392 (2014). https://doi.org/10.1007/s10623-014-9928-6
DOI: https://doi.org/10.1007/s10623-014-9928-6