A Tool Kit for Partial Key Exposure Attacks on RSA

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10159)

Abstract

Thus far, partial key exposure attacks on RSA have been intensively studied using lattice-based Coppersmith’s methods. In this context, attackers are given partial information about a secret exponent and the prime factors of (Multi-Prime) RSA, where the partial information is exposed in various ways. Although these attack scenarios are worth studying, there are several known attacks whose constructions have a similar flavor. In this paper, we try to formulate general attack scenarios that capture several existing ones and propose attacks for these scenarios. Our attacks contain all the state-of-the-art partial key exposure attacks, e.g., those due to Ernst et al. (Eurocrypt’05) and Takayasu-Kunihiro (SAC’14, ICISC’14), as special cases. As a result, our attacks offer better results than the previous best attacks in some special cases, e.g., Sarkar-Maitra’s partial key exposure attacks on RSA with the most significant bits of a prime factor (ICISC’08) and Hinek’s partial key exposure attacks on Multi-Prime RSA (J. Math. Cryptology ’08). We claim that our contribution is not only a generalization or improvement of the existing results. Since our attacks capture general exposure scenarios, the results can be used as a tool kit; the security of some future variants of RSA can be examined without any knowledge of Coppersmith’s methods.

References

  1. Blömer, J., May, A.: New partial key exposure attacks on RSA. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 27–43. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45146-4_2

  2. Blömer, J., May, A.: A tool kit for finding small roots of bivariate polynomials over the integers. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 251–267. Springer, Heidelberg (2005). doi:10.1007/11426639_15

  3. Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key \(d\) less than \(N^{0.292}\). IEEE Trans. Inf. Theory 46(4), 1339–1349 (2000)

  4. Boneh, D., Durfee, G., Frankel, Y.: An attack on RSA given a small fraction of the private key bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 25–34. Springer, Heidelberg (1998). doi:10.1007/3-540-49649-1_3

  5. Ciet, M., Koeune, F., Laguillaumie, F., Quisquater, J.J.: Short private exponent attacks on fast variants of RSA. UCL Crypto Group Technical report series CG-2002/4, University Catholique de Louvain (2002)

  6. Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178–189. Springer, Heidelberg (1996). doi:10.1007/3-540-68339-9_16

  7. Coppersmith, D.: Finding a small root of a univariate modular equation. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 155–165. Springer, Heidelberg (1996). doi:10.1007/3-540-68339-9_14

  8. Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)

  9. Coppersmith, D.: Finding small solutions to small degree polynomials. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 20–31. Springer, Heidelberg (2001). doi:10.1007/3-540-44670-2_3

  10. Coron, J.-S.: Finding small roots of bivariate integer polynomial equations revisited. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 492–505. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24676-3_29

  11. Coron, J.-S.: Finding small roots of bivariate integer polynomial equations: a direct approach. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 379–394. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74143-5_21

  12. Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial key exposure attacks on RSA up to full size exponents. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 371–386. Springer, Heidelberg (2005). doi:10.1007/11426639_22

  13. Hinek, M.J.: On the security of multi-prime RSA. J. Math. Cryptol. 2(2), 117–147 (2008)

  14. Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997). doi:10.1007/BFb0024458

  15. Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267–282. Springer, Heidelberg (2006). doi:10.1007/11935230_18

  16. Lenstra, A., Lenstra, H., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 515–534 (1982)

  17. May, A.: New RSA vulnerabilities using lattice reduction methods. Ph.D. thesis, University of Paderborn (2003)

  18. May, A.: Using LLL-reduction for solving RSA and factorization problems. In: Nguyen, P.Q., Vallée, B. (eds.) The LLL Algorithm - Survey and Applications. Information Security and Cryptography, pp. 315–348. Springer, Heidelberg (2010). doi:10.1007/978-3-642-02295-1_10

  19. Nguyen, P.Q., Stern, J.: The two faces of lattices in cryptology. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 146–180. Springer, Heidelberg (2001). doi:10.1007/3-540-44670-2_12

  20. Sarkar, S., Maitra, S.: Improved partial key exposure attacks on RSA by guessing a few bits of one of the prime factors. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 37–51. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00730-9_3

  21. Sarkar, S., Maitra, S., Sarkar, S.: RSA cryptanalysis with increased bounds on the secret exponent using less lattice dimension. IACR Cryptology ePrint Archive 2008, 315 (2008)

  22. Sarkar, S., Sen Gupta, S., Maitra, S.: Partial key exposure attack on RSA – improvements for limited lattice dimensions. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 2–16. Springer, Heidelberg (2010). doi:10.1007/978-3-642-17401-8_2

  23. Sun, H.-M., Wu, M.-E., Steinfeld, R., Guo, J., Wang, H.: Cryptanalysis of short exponent RSA with primes sharing least significant bits. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 49–63. Springer, Heidelberg (2008). doi:10.1007/978-3-540-89641-8_4

  24. Takayasu, A., Kunihiro, N.: Better lattice constructions for solving multivariate linear equations modulo unknown divisors. IEICE Trans. 97-A(6), 1259–1272 (2014)

  25. Takayasu, A., Kunihiro, N.: General bounds for small inverse problems and its applications to multi-prime RSA. In: Lee, J., Kim, J. (eds.) ICISC 2014. LNCS, vol. 8949, pp. 3–17. Springer, Heidelberg (2015). doi:10.1007/978-3-319-15943-0_1

  26. Takayasu, A., Kunihiro, N.: Partial key exposure attacks on RSA: achieving the Boneh-Durfee bound. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 345–362. Springer, Heidelberg (2014). doi:10.1007/978-3-319-13051-4_21

  27. Takayasu, A., Kunihiro, N.: How to generalize RSA cryptanalyses. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 67–97. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49387-8_4

  28. Takayasu, A., Kunihiro, N.: Partial key exposure attacks on RSA with multiple exponent pairs. In: Liu, J.K., Steinfeld, R. (eds.) ACISP 2016. LNCS, vol. 9723, pp. 243–257. Springer, Heidelberg (2016). doi:10.1007/978-3-319-40367-0_15

  29. de Weger, B.: Cryptanalysis of RSA with small prime difference. Appl. Algebra Eng. Commun. Comput. 13(1), 17–28 (2002)

  30. Zhang, H., Takagi, T.: Attacks on multi-prime RSA with small prime difference. In: Boyd, C., Simpson, L. (eds.) ACISP 2013. LNCS, vol. 7959, pp. 41–56. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39059-3_4

  31. Zhang, H., Takagi, T.: Improved attacks on multi-prime RSA with small prime difference. IEICE Trans. 97-A(7), 1533–1541 (2014)


Acknowledgement

The first author is supported by a JSPS Fellowship for Young Scientists. This research was supported by CREST, JST, and supported by JSPS Grant-in-Aid for JSPS Fellows 14J08237 and KAKENHI Grant Number 25280001 and 16H02780.

Correspondence to Atsushi Takayasu.

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Takayasu, A., Kunihiro, N. (2017). A Tool Kit for Partial Key Exposure Attacks on RSA. In: Handschuh, H. (eds) Topics in Cryptology – CT-RSA 2017. CT-RSA 2017. Lecture Notes in Computer Science, vol 10159. Springer, Cham. https://doi.org/10.1007/978-3-319-52153-4_4

  • DOI: https://doi.org/10.1007/978-3-319-52153-4_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-52152-7

  • Online ISBN: 978-3-319-52153-4

  • eBook Packages: Computer Science, Computer Science (R0)
