Abstract
Recently, Zheng and Hu (SCIENCE CHINA Information Sciences 58(11):1–8, 2015) proposed a cryptanalysis of Prime Power RSA with two private exponents, namely, for a Prime Power RSA modulus \(N=p^rq\) \((r>1)\), there are two pairs of public and private exponents. According to their work, when the two private exponents are small enough, this variant of RSA is insecure and one can factor \(N=p^rq\) efficiently. Moreover, in C2SI 2015, Nitaj and Rachidi considered the implicit factorization problem. They showed that for two Prime Power RSA moduli \(N_1=p_1^rq_1\) and \(N_2=p_2^rq_2\), when \(p_1\) and \(p_2\) share a suitable amount of most significant bits, one can factor \(N_1\) and \(N_2\) in polynomial time. In this paper, we revisit these two works. More specifically, for Zheng-Hu’s work, by solving two modular univariate linear equations and modifying Zheng-Hu’s selection of polynomials used to construct the lattice, we can further improve their result. For Nitaj-Rachidi’s work, based on the observation that a desired solution of a modular equation is a factor of the Prime Power RSA modulus, we can also improve Nitaj-Rachidi’s bound. Our improved attacks are verified by experiments.
References
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than \(N^{0.292}\). IEEE Trans. Inf. Theor. 46(4), 1339–1349 (2000)
Bosma, W., Cannon, J., Playoust, C.: The magma algebra system I: the user language. J. Symbolic Comput. 24(3), 235–265 (1997)
Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)
Faugère, J.-C., Marinier, R., Renault, G.: Implicit factoring with shared most significant and middle bits. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 70–87. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13013-7_5
Herrmann, M., May, A.: Maximizing small root bounds by linearization and applications to small secret exponent RSA. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 53–69. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13013-7_4
Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997). doi:10.1007/BFb0024458
Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267–282. Springer, Heidelberg (2006). doi:10.1007/11935230_18
Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)
Lu, Y., Peng, L., Zhang, R., Hu, L., Lin, D.: Towards optimal bounds for implicit factorization problem. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 462–476. Springer, Heidelberg (2016). doi:10.1007/978-3-319-31301-6_26
Lu, Y., Zhang, R., Lin, D.: Improved bounds for the implicit factorization problem. Adv. Math. Comm. 7(3), 243–251 (2013)
Lu, Y., Zhang, R., Peng, L., Lin, D.: Solving linear equations modulo unknown divisors: revisited. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 189–213. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48797-6_9
May, A.: New RSA vulnerabilities using lattice reduction methods. Ph.D. thesis. University of Paderborn (2003)
May, A.: Secret exponent attacks on RSA-type schemes with moduli \(N=p^{r}q\). In: Bao, F., et al. (eds.) International Workshop on Public Key Cryptography, PKC 2004, LNCS, vol. 2947, pp. 218–230. Springer, Heidelberg (2004)
May, A., Ritzenhofen, M.: Implicit factoring: on polynomial time factoring given only an implicit hint. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 1–14. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00468-1_1
Nguyen, P.Q., Vallée, B.: The LLL Algorithm. Information Security and Cryptography. Springer, Heidelberg (2010)
Nitaj, A., Rachidi, T.: New attacks on RSA with moduli \(N=p^{r}q\). In: International Conference on Codes, Cryptology, and Information Security, pp. 352–360. Springer, Heidelberg (2015)
Peng, L., Hu, L., Lu, Y., Sarkar, S., Xu, J., Huang, Z.: Cryptanalysis of variants of RSA with multiple small secret exponents. In: Biryukov, A., Goyal, V. (eds.) INDOCRYPT 2015. LNCS, vol. 9462, pp. 105–123. Springer, Heidelberg (2015). doi:10.1007/978-3-319-26617-6_6
Peng, L., Hu, L., Xu, J., Huang, Z., Xie, Y.: Further improvement of factoring RSA moduli with implicit hint. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 165–177. Springer, Heidelberg (2014). doi:10.1007/978-3-319-06734-6_11
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 26(1), 96–99 (1983)
Sarkar, S.: Small secret exponent attack on RSA variant with modulus \(N=p^{r}q\). Des. Codes Crypt. 73(2), 383–392 (2014)
Sarkar, S.: Revisiting prime power RSA. Discrete Appl. Math. 203, 127–133 (2016)
Sarkar, S., Maitra, S.: Approximate integer common divisor problem relates to implicit factorization. IEEE Trans. Inf. Theor. 57(6), 4002–4013 (2011)
Takagi, T.: Fast RSA-type cryptosystem modulo \(p^{k}q\). In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Heidelberg (1998). doi:10.1007/BFb0055738
Takayasu, A., Kunihiro, N.: Better lattice constructions for solving multivariate linear equations modulo unknown divisors. IEICE Trans. Fund. Electron. Commun. Comput. Sci. 97(6), 1259–1272 (2014)
Wiener, M.J.: Cryptanalysis of short RSA secret exponents. IEEE Trans. Inf. Theor. 36(3), 553–558 (1990)
Zheng, M., Hu, H.: Cryptanalysis of prime power RSA with two private exponents. Sci. China Inf. Sci. 58(11), 1–8 (2015)
Acknowledgements
The authors would like to thank anonymous reviewers for their helpful comments and suggestions. The work of this paper was supported by the National Key Basic Research Program of China (Grants 2013CB834203 and 2011CB302400), the National Natural Science Foundation of China (Grants 61472417, 61402469, 61472416, 61502488 and 61272478), the Strategic Priority Research Program of Chinese Academy of Sciences under Grant XDA06010702 and XDA06010703, and the State Key Laboratory of Information Security, Chinese Academy of Sciences. Y. Lu is supported by Project CREST, JST.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Peng, L., Hu, L., Lu, Y. (2017). Improved Results on Cryptanalysis of Prime Power RSA. In: Hong, S., Park, J. (eds) Information Security and Cryptology – ICISC 2016. ICISC 2016. Lecture Notes in Computer Science, vol 10157. Springer, Cham. https://doi.org/10.1007/978-3-319-53177-9_15
DOI: https://doi.org/10.1007/978-3-319-53177-9_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-53176-2
Online ISBN: 978-3-319-53177-9
eBook Packages: Computer Science (R0)