Abstract
Using more than two factors in the modulus of the RSA cryptosystem has the arithmetic advantage that the private key computations can be speeded up using Chinese remaindering. At the same time, with a proper choice of parameters, one does not have to work with a larger modulus to achieve the same level of security in terms of the difficulty of the integer factorization problem. However, numerous attacks on specific instances on the RSA cryptosystem are known that apply if, for example, the decryption or encryption exponent are chosen too small, or if partial knowledge of the private key is available. Little work is known on how such attacks perform in the multi-prime case. It turns out that for most of these attacks it is crucial that the modulus contains exactly two primes. They become much less effective, or fail, when the modulus factors into more than two distinct primes.
Chapter PDF
References
D. Boneh and G. Durfee. Cryptanalysis of RSA with private key d less than N 0.292. IEEE Transactions on Information Theory, 46(4):1339–1349, 2000.
D. Boneh, G. Durfee, and Y. Frankel. Exposing an RSA private key given a small fraction of its bits. In Advances in Cryptology — ASIACRYPT’ 98, volume 1514 of Lecture Notes In Computer Science, pages 25–34. Springer-Verlag, 1998. Revised and extended version available from http://crypto.stanford.edu/~dabo/pubs.html.
J. Blömer and A. May. Low secret exponent RSA revisited. In Cryptography and Lattices — Proceedings of CALC’ 01, volume 2146 of Lecture Notes In Computer Science, pages 4–19. Springer-Verlag, 2001.
D. Boneh. Twenty years of attacks on the RSA cryptosystem. Notices of the American Mathematical Society, 46(2):203–213, 1999.
D. Boneh and H. Shacham. Fast variants of RSA. CryptoBytes (The technical newsletter of RSA laboratories), 5(1):1–9, 2002.
T. Collins, D. Hopkins, S. Langford, and M. Sabin. Public Key Cryptography Apparatus and Method. US Patent 5,848,159, Jan. 1997.
D. Coppersmith. Small solutions to polynomial equations, and low exponent RSA vulnerabilities. Journal of Cryptology, 10(4):233–260, 1997.
G. Durfee and P. Q. Nguyen. Cryptanalysis of the RSA schemes with short secret exponent from Asiacrypt’ 99. In Advances in Cryptology — ASIACRYPT 2000, volume 1976 of Lecture Notes In Computer Science, pages 14–29. Springer-Verlag, 2000.
N.A. Howgrave-Graham. Finding small roots of univariate modular equations revisited. In Cryptography and Coding, volume 1355 of Lecture Notes In Computer Science, pages 131–142. Springer-Verlag, 1997.
M. J. Hinek. Low public exponent partial key and low private exponent attacks on multi-prime RSA. Master’s thesis, University of Waterloo, Dept. of Combinatorics and Optimization, 2002.
G. H. Hardy and E. M. Wright. An Introduction to the Theory of Numbers. Oxford University Press, fourth edition, 1960.
A. K. Lenstra. Unbelievable security: Matching AES security using public key systems. In Advances in Cryptology — ASIACRYPT 2001, volume 2248 of Lecture Notes In Computer Science, pages 67–86. Springer-Verlag, 2001.
A. Lenstra, H. Lenstra, and L. Lovász. Factoring polynomials with rational coefficients. Mathematische Annalen, 261:515–534, 1982.
M.K. Low. Attacks on multi-prime RSA with low private exponent or medium-sized public exponent. Master’s thesis, Univ. of Waterloo, Dept. of Combinatorics and Optimization, 2002.
A. May. Cryptanalysis of unbalanced RSA with small CRT-exponent. In Advances in Cryptology — CRYPTO 2002, Lecture Notes In Computer Science. Springer-Verlag, 2002.
C. D. Olds. Continued Fractions. Random House, Inc., 1963.
R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978.
V. Shoup. Number theory library (NTL), Version 5.2. http://www.shoup.net/ntl.
D. R. Stinson. Cryptography: Theory and Practice. CRC Press LLC, 1995.
R. Steinfeld and Y. Zheng. An advantage of low-exponent RSA with modulus primes sharing least significant bits. In Proceedings RSA Conference 2001, Cryptographer’s Track, volume 2020 of Lecture Notes in Computer Science, pages 52–62. Springer-Verlag, 2001.
J. W. M. Turk. Fast arithmetic operations on numbers and polynomials. In H.W. Lenstra, Jr. and R. Tijdeman, editors, Computational Methods in Number Theory, Part I. Mathematisch Centrum, Amsterdam, 1982.
M. J. Wiener. Cryptanalysis of short RSA secret exponents. IEEE Transactions on Information Theory, 36(3):553–558, 1990.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hinek, M.J., Low, M.K., Teske, E. (2003). On Some Attacks on Multi-prime RSA. In: Nyberg, K., Heys, H. (eds) Selected Areas in Cryptography. SAC 2002. Lecture Notes in Computer Science, vol 2595. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36492-7_25
Download citation
DOI: https://doi.org/10.1007/3-540-36492-7_25
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00622-0
Online ISBN: 978-3-540-36492-4
eBook Packages: Springer Book Archive