Abstract
Thus far, partial key exposure attacks on RSA have been intensively studied using lattice based Coppersmith’s methods. In the context, attackers are given partial information of a secret exponent and prime factors of (Multi-Prime) RSA where the partial information is exposed in various ways. Although these attack scenarios are worth studying, there are several known attacks whose constructions have similar flavor. In this paper, we try to formulate general attack scenarios to capture several existing ones and propose attacks for the scenarios. Our attacks contain all the state-of-the-art partial key exposure attacks, e.g., due to Ernst et al. (Eurocrypt’05) and Takayasu-Kunihiro (SAC’14, ICISC’14), as special cases. As a result, our attacks offer better results than previous best attacks in some special cases, e.g., Sarkar-Maitra’s partial key exposure attacks on RSA with the most significant bits of a prime factor (ICISC’08) and Hinek’s partial key exposure attacks on Multi-Prime RSA (J. Math. Cryptology ’08). We claim that our contribution is not only generalizations or improvements of the existing results. Since our attacks capture general exposure scenarios, the results can be used as a tool kit; the security of some future variants of RSA can be examined without any knowledge of Coppersmith’s methods.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Blömer, J., May, A.: New partial key exposure attacks on RSA. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 27–43. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45146-4_2
Blömer, J., May, A.: A tool kit for finding small roots of bivariate polynomials over the integers. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 251–267. Springer, Heidelberg (2005). doi:10.1007/11426639_15
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key \(d\) less than \(N^{0.292}\). IEEE Trans. Inf. Theory 46(4), 1339–1349 (2000)
Boneh, D., Durfee, G., Frankel, Y.: An attack on RSA given a small fraction of the private key bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 25–34. Springer, Heidelberg (1998). doi:10.1007/3-540-49649-1_3
Ciet, M., Koeune, F., Laguillaumie, F., Quisquater, J.J.: Short private exponent attacks on fast variants of RSA. UCL Crypto Group Technical report series CG-2002/4, University Catholique de Louvain (2002)
Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178–189. Springer, Heidelberg (1996). doi:10.1007/3-540-68339-9_16
Coppersmith, D.: Finding a small root of a univariate modular equation. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 155–165. Springer, Heidelberg (1996). doi:10.1007/3-540-68339-9_14
Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)
Coppersmith, D.: Finding small solutions to small degree polynomials. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 20–31. Springer, Heidelberg (2001). doi:10.1007/3-540-44670-2_3
Coron, J.-S.: Finding small roots of bivariate integer polynomial equations revisited. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 492–505. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24676-3_29
Coron, J.-S.: Finding small roots of bivariate integer polynomial equations: a direct approach. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 379–394. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74143-5_21
Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial key exposure attacks on RSA up to full size exponents. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 371–386. Springer, Heidelberg (2005). doi:10.1007/11426639_22
Hinek, M.J.: On the security of multi-prime RSA. J. Math. Cryptol. 2(2), 117–147 (2008)
Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997). doi:10.1007/BFb0024458
Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267–282. Springer, Heidelberg (2006). doi:10.1007/11935230_18
Lenstra, A., Lenstra, H., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 515–534 (1982)
May, A.: New RSA vulnerabilities using lattice reduction methods. Ph.D. thesis, University of Paderborn (2003)
May, A.: Using LLL-reduction for solving RSA and factorization problems. In: Nguyen, P.Q., Vallée, B. (eds.) The LLL Algorithm - Survey and Applications. Information Security and Cryptography, pp. 315–348. Springer, Heidelberg (2010). doi:10.1007/978-3-642-02295-1_10
Nguyen, P.Q., Stern, J.: The two faces of lattices in cryptology. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 146–180. Springer, Heidelberg (2001). doi:10.1007/3-540-44670-2_12
Sarkar, S., Maitra, S.: Improved partial key exposure attacks on RSA by guessing a few bits of one of the prime factors. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 37–51. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00730-9_3
Sarkar, S., Maitra, S., Sarkar, S.: RSA cryptanalysis with increased bounds on the secret exponent using less lattice dimension. IACR Cryptology ePrint Archive 2008, 315 (2008)
Sarkar, S., Sen Gupta, S., Maitra, S.: Partial key exposure attack on RSA – improvements for limited lattice dimensions. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 2–16. Springer, Heidelberg (2010). doi:10.1007/978-3-642-17401-8_2
Sun, H.-M., Wu, M.-E., Steinfeld, R., Guo, J., Wang, H.: Cryptanalysis of short exponent RSA with primes sharing least significant bits. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 49–63. Springer, Heidelberg (2008). doi:10.1007/978-3-540-89641-8_4
Takayasu, A., Kunihiro, N.: Better lattice constructions for solving multivariate linear equations modulo unknown divisors. IEICE Trans. 97-A(6), 1259–1272 (2014)
Takayasu, A., Kunihiro, N.: General bounds for small inverse problems and its applications to multi-prime RSA. In: Lee, J., Kim, J. (eds.) ICISC 2014. LNCS, vol. 8949, pp. 3–17. Springer, Heidelberg (2015). doi:10.1007/978-3-319-15943-0_1
Takayasu, A., Kunihiro, N.: Partial key exposure attacks on RSA: achieving the Boneh-Durfee bound. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 345–362. Springer, Heidelberg (2014). doi:10.1007/978-3-319-13051-4_21
Takayasu, A., Kunihiro, N.: How to generalize RSA cryptanalyses. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 67–97. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49387-8_4
Takayasu, A., Kunihiro, N.: Partial key exposure attacks on RSA with multiple exponent pairs. In: Liu, J.K., Steinfeld, R. (eds.) ACISP 2016. LNCS, vol. 9723, pp. 243–257. Springer, Heidelberg (2016). doi:10.1007/978-3-319-40367-0_15
de Weger, B.: Cryptanalysis of RSA with small prime difference. Appl. Algebra Eng. Commun. Comput. 13(1), 17–28 (2002)
Zhang, H., Takagi, T.: Attacks on multi-prime RSA with small prime difference. In: Boyd, C., Simpson, L. (eds.) ACISP 2013. LNCS, vol. 7959, pp. 41–56. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39059-3_4
Zhang, H., Takagi, T.: Improved attacks on multi-prime RSA with small prime difference. IEICE Trans. 97-A(7), 1533–1541 (2014)
Acknowledgement
The first author is supported by a JSPS Fellowship for Young Scientists. This research was supported by CREST, JST, and supported by JSPS Grant-in-Aid for JSPS Fellows 14J08237 and KAKENHI Grant Number 25280001 and 16H02780.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Takayasu, A., Kunihiro, N. (2017). A Tool Kit for Partial Key Exposure Attacks on RSA. In: Handschuh, H. (eds) Topics in Cryptology – CT-RSA 2017. CT-RSA 2017. Lecture Notes in Computer Science(), vol 10159. Springer, Cham. https://doi.org/10.1007/978-3-319-52153-4_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-52153-4_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-52152-7
Online ISBN: 978-3-319-52153-4
eBook Packages: Computer ScienceComputer Science (R0)