Abstract
In this paper, we study the RSA public key cryptosystem in a special case with the private exponent d larger than the public exponent e. When N 0.258 ⩽ e ⩽ N 0.854, d > e and satisfies the given conditions, we can perform cryptanalytic attacks based on the LLL lattice basis reduction algorithm. The idea is an extension of Boneh and Durfee’s researches on low private key RSA, and provides a new solution to finding weak keys in RSA cryptosystems.
Similar content being viewed by others
References
Rivest R, Shamir A, Adleman L. A method for obtaining digital signatures and public-key cryptosystems. Commun Acm, 1979, 21(2): 120–126
Wiener M. Cryptanalysis of short RSA secret exponents. IEEE T Inforem Theory, 1990, 36: 553–558
Boneh D, Durfee G. Cryptanalysis of RSA with private key d less than N 0.292. In: Proceeding of Eurocrypt’99. LNCS, Vol. 1592. Berlin: Springer-Verlag, 1999. 1–11
Blömer J, May A. Low secret exponent RSA revisited. In: Cryptography and Lattice Conference-CalC 2001. LNCS, Vol. 2146. Berlin: Springer-Verlag, 2001. 4–19
Hastad J. Solving simultaneous modular equations of low degree. SIAM J Comput, 1988, 17: 336–341
Boneh D, Durfee G, Frankel Y. An attack on RSA given a fraction of the private key bits. In: Proceeding of Asiacrypt’98. LNCS, Vol. 1514. Berlin: Springer-Verlag, 1998. 25–34
Lenstra A K, Lenstra H W, Lovász L. Factoring polynomials with rational coefficients. Math Ann, 1982, 261: 513–534
Jutla C. On finding small solutions of modular multivariate polynomial equations. In: Proceeding of Eurocrypt’98. LNCS, Vol. 1403. Berlin: Springer-Verlag, 1998. 158–170
Nguyen P Q, Stehlé D. Floating-point LLL revisited. In: Proceeding of Eurocrypt 2005. LNCS, Vol. 3494. Berlin: Springer-Verlag, 2005. 215–233
Coppersmith D. Small solution to polynomial equations, and low exponent RSA vulnerabilities. J Cryptoi, 1997, 10(4): 233–260
Howgrave-Graham N. Finding small roots of univariate modular equations revisited. In: Cryptology and Coding. LNCS, Vol. 1355. Berlin: Springer-Verlag, 1997. 131–142
Author information
Authors and Affiliations
Corresponding author
Additional information
Supported partially by the National Basic Research Program of China (Grant No. 2003CB314805), the National Natural Science Foundation of China (Grant Nos. 90304014 and 60873249), and the Project funded by Basic Research Foundation of School of Information Science and Technology of Tsinghua
Rights and permissions
About this article
Cite this article
Luo, P., Zhou, H., Wang, D. et al. Cryptanalysis of RSA for a special case with d >e . Sci. China Ser. F-Inf. Sci. 52, 609–616 (2009). https://doi.org/10.1007/s11432-009-0014-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11432-009-0014-z