New cryptanalytic attack on rsa modulus n = pq using small prime difference method

Abstract

This paper presents new short decryption exponent attacks on RSA, which successfully leads to the factorization of RSA modulus N = pq in polynomial time. The paper has two parts. In the first part, we report the usage of the small prime difference method of the form |b2 p − a2 q| < Nγ where the ratio of [Formula Presented] is close to, which yields a bound [Formula Presented] from the convergents of [Formula Presented] the continued fraction expansion of [Formula Presented]. The second part of the paper reports four [Formula Presented] cryptanalytic attacks on t instances of RSA moduli Ns = ps qs for s = 1, 2, …, t where we use [Formula Presented] as an approximation of φ(N) satisfying generalized key equations of the shape es d − ks φ(Ns ) = 1, es ds − kφ(Ns ) = 1, es d − ks φ(Ns ) = zs, and es ds − kφ(Ns ) = zs for unknown positive integers d, ks, ds, ks, and zs, where we establish that t RSA moduli can be simultaneously factored in polynomial time using combinations of simultaneous Diophantine approximations and lattice basis reduction methods. In all the reported attacks, we have found an improved short secret exponent bound, which is considered to be better than some bounds as reported in the literature.