Cryptanalysis of Short Exponent RSA with Primes Sharing Least Significant Bits

  • Conference paper
Cryptology and Network Security (CANS 2008)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5339)

Abstract

LSBS-RSA denotes an RSA system with modulus primes, p and q, sharing a large number of least significant bits. In ISC 2007, Zhao and Qi analyzed the security of short exponent LSBS-RSA. They claimed that short exponent LSBS-RSA is much more vulnerable to the lattice attack than the standard RSA. In this paper, we further raise the security boundary of the Zhao-Qi attack by considering another polynomial. Our improvement supports the result of analogue Fermat factoring on LSBS-RSA, which claims that p and q cannot share more than \(\frac{n}{4}\) least significant bits, where n is the bit-length of pq. In conclusion, it is a trade-off between the number of shared bits and the security level in LSBS-RSA. One should be more careful when using LSBS-RSA with short exponents.


References

  1. Boneh, D., Durfee, G., Frankel, Y.: An Attack on RSA Given a Small Fraction of the Private Key Bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 25–34. Springer, Heidelberg (1998)

  2. Boneh, D., Durfee, G., Frankel, Y.: Exposing an RSA Private Key Given a Small Fraction of its Bits, Full version of the work from Asiacrypt 1998 (1998), http://crypto.stanford.edu/~dabo/abstracts/bits_of_d.html

  3. Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than \(N^{0.292}\). In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 1–11. Springer, Heidelberg (1999)

  4. Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than \(N^{0.292}\). IEEE Transactions on Information Theory 46(4), 1339–1349 (2000)

  5. Blömer, J., May, A.: New Partial Key Exposure Attacks on RSA. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 27–43. Springer, Heidelberg (2003)

  6. Bellare, M., Rogaway, P.: The exact security of digital signatures: How to sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)

  7. Coppersmith, D.: Finding a Small Root of a Bivariate Integer Equation; Factoring with High Bits Known. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178–189. Springer, Heidelberg (1996)

  8. Coron, J.-S.: Finding Small Roots of Bivariate Integer Polynomial Equations Revisited. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 492–505. Springer, Heidelberg (2004)

  9. Coron, J.-S.: Finding Small Roots of Bivariate Integer Polynomial Equations: A Direct Approach. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 379–394. Springer, Heidelberg (2007)

  10. Durfee, G., Nguyen, P.Q.: Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt 1999. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–11. Springer, Heidelberg (2000)

  11. Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial Key Exposure Attacks on RSA up to Full Size Exponents. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 371–386. Springer, Heidelberg (2005)

  12. Hastad, J.: Solving simultaneous modular equations of low degree. SIAM J. of Computing 17, 336–341 (1988)

  13. Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997)

  14. Shoup, V.: NTL: A Library for doing Number Theory, http://shoup.net/ntl

  15. Lenstra, A., Lenstra, H., Lovasz, L.: Factoring Polynomials with Rational Coefficients. Mathematische Annalen 261, 515–534

  16. Sun, H.-M., Yang, W.-C., Laih, C.-S.: On the design of RSA with short secret exponent. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 150–164. Springer, Heidelberg (1999)

  17. Sun, H.-M., Yang, C.-T.: RSA with balanced short exponents and its application to entity authentication. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 199–215. Springer, Heidelberg (2005)

  18. Sun, H.-M., Wu, M.-E., Chen, Y.-H.: Estimating the Prime Factors of an RSA Modulus and an Extension of the Wiener Attack. In: Katz, J., et al. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 116–128. Springer, Heidelberg (2007)

  19. Sun, H.-M., Wu, M.-E., Wang, H., Guo, J.: On the Improvement of the BDF Attack on LSBS-RSA. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 84–97. Springer, Heidelberg (2008)

  20. Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)

  21. Steinfeld, R., Zheng, Y.: An Advantage of Low-Exponent RSA with Modulus Primes Sharing Least Significant Bits. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 52–62. Springer, Heidelberg (2001)

  22. Steinfeld, R., Zheng, Y.: On the Security of RSA with Primes Sharing Least-Significant Bits. Appl. Algebra Eng. Commun. Comput. 15(3-4), 179–200 (2004)

  23. Verheul, E.R., van Tilborg, H.C.A.: Cryptanalysis of less short RSA secret exponents. Appl. Algebra Eng. Commun.

  24. de Weger, B.: Cryptanalysis of RSA with small prime difference. Applicable Algebra in Engineering, Communication and Computing 13, 17–28 (2002)

  25. Wiener, M.J.: Cryptanalysis of short RSA secret exponents. IEEE Trans. Information Theory 36(3), 553–559 (1990)

  26. Zhao, Y.-D., Qi, W.-F.: Small Private-Exponent Attack on RSA with Primes Sharing Bits. In: Garay, J., et al. (eds.) ISC 2007. LNCS, vol. 4779, pp. 221–229. Springer, Heidelberg (2007)

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sun, HM., Wu, ME., Steinfeld, R., Guo, J., Wang, H. (2008). Cryptanalysis of Short Exponent RSA with Primes Sharing Least Significant Bits. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds) Cryptology and Network Security. CANS 2008. Lecture Notes in Computer Science, vol 5339. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89641-8_4

  • DOI: https://doi.org/10.1007/978-3-540-89641-8_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89640-1

  • Online ISBN: 978-3-540-89641-8

  • eBook Packages: Computer Science, Computer Science (R0)
