Abstract
In this paper, we study the problem of factoring an RSA modulus N = pq in polynomial time, when p is a weak prime, that is, p can be expressed as ap = u 0 + M 1 u 1 + … + M k u k for some k integers M 1,…, M k and k + 2 suitably small parameters a, u 0,…u k . We further compute a lower bound for the set of weak moduli, that is, moduli made of at least one weak prime, in the interval [22n,22(n + 1)] and show that this number is much larger than the set of RSA prime factors satisfying Coppersmith’s conditions, effectively extending the likelihood for factoring RSA moduli. We also prolong our findings to moduli composed of two weak primes.
Partially supported by the French SIMPATIC (SIM and PAiring Theory for Information and Communications security).
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
ANSI Standard X9.31-1998, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA)
Bernstein, D.J., Chang, Y.-A., Cheng, C.-M., Chou, L.-P., Heninger, N., Lange, T., van Someren, N.: Factoring RSA keys from certified smart cards: Coppersmith in the wild. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 341–360. Springer, Heidelberg (2013)
Boneh, D.: Twenty years of attacks on the RSA cryptosystem. Notices Amer. Math. Soc. 46(2), 203–213 (1999)
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N 0.292. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 1–11. Springer, Heidelberg (1999)
Compaq Computer Corperation. Cryptography using Compaq multiprime technology in a parallel processing environment (2002), ftp://ftp.compaq.com/pub/solutions/CompaqMultiPrimeWP.pdf
Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. Journal of Cryptology 10(4), 233–260 (1997)
Hardy, G.H., Wright, E.M.: An Introduction to the Theory of Numbers. Oxford University Press, London (1975)
Håstad, J.: On Using RSA with Low Exponent in a Public Key Network. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 403–408. Springer, Heidelberg (1986)
Hastad, J.: Solving simultaneous modular equations of low degree. SIAM J. of Computing 17, 336–341 (1988)
Herrmann, M., May, A.: Solving linear equations modulo divisors: On factoring given any bits. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 406–424. Springer, Heidelberg (2008)
Lenstra, H.: Factoring integers with elliptic curves. Annals of Mathematics 126, 649–673 (1987)
Lenstra, A.K., Lenstra Jr., H.W.: The Development of the Number Field Sieve. Lecture Notes in Mathematics, vol. 1554. Springer, Berlin (1993)
Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 513–534 (1982)
Lu, Y., Zhang, R., Lin, D.: New Results on Solving Linear Equations Modulo Unknown Divisors and its Applications, Cryptology ePrint Archive, Report 2014/343 (2014), https://eprint.iacr.org/2014/343
May, A.: New RSA Vulnerabilities Using Lattice Reduction Methods. PhD thesis, University of Paderborn (2003)
Nitaj, A.: Another generalization of wiener’s attack on RSA. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 174–190. Springer, Heidelberg (2008)
Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Zimmermann, P.: 50 largest factors found by ECM, http://www.loria.fr/~zimmerma/records/top50.html
de Weger, B.: Cryptanalysis of RSA with small prime difference. Applicable Algebra in Engineering, Communication and Computing 13(1), 17–28 (2002)
Wiener, M.: Cryptanalysis of short RSA secret exponents. IEEE Transactions on Information Theory 36, 553–558 (1990)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Nitaj, A., Rachidi, T. (2015). Factoring RSA Moduli with Weak Prime Factors. In: El Hajji, S., Nitaj, A., Carlet, C., Souidi, E. (eds) Codes, Cryptology, and Information Security. C2SI 2015. Lecture Notes in Computer Science(), vol 9084. Springer, Cham. https://doi.org/10.1007/978-3-319-18681-8_29
Download citation
DOI: https://doi.org/10.1007/978-3-319-18681-8_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-18680-1
Online ISBN: 978-3-319-18681-8
eBook Packages: Computer ScienceComputer Science (R0)