We consider the problem of solving systems of equations P i(x) ≡ 0 (mod n i) i = 1…k where P i are polynomials of degree d and the n i are distinct relatively prime numbers and x < min n i. We prove that if k > d(d+1)/2 we can recover x in polynomial time provided n i > > 2k. This shows that RSA with low exponent is not a good alternative to use as a public key cryptosystem in a large network. It also shows that a protocol by Broder and Dolev [4] is insecure if RSA with low exponent is used.
CITATION STYLE
Hastad, J. (1986). N Using RSA with Low Exponent in a Public Key Network. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 218 LNCS, pp. 403–408). Springer Verlag. https://doi.org/10.1007/3-540-39799-X_29
Mendeley helps you to discover research relevant for your work.