In Eurocrypt 2005, Ernst et al. proposed an attack on RSA allowing to recover the secret key when the most or least significant bits of the decryption exponent d are known. In Indocrypt 2011, Sarkar generalized this by considering the number of unexposed blocks in the decryption exponent is more than one. In this paper, for the first time, we study this situation for CRT-RSA. Further, we consider the case when random bits of one decryption exponent are exposed in this model. These results have implications in side channel attacks.
CITATION STYLE
Sarkar, S., & Venkateswarlu, A. (2014). Partial key exposure attack on CRT-RSA. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8885, pp. 255–264). Springer Verlag. https://doi.org/10.1007/978-3-319-13039-2_15
Mendeley helps you to discover research relevant for your work.