New attacks on RSA with Moduli N = prq

Abstract

We present three attacks on the Prime Power RSA with modulus N = prq. In the first attack, we consider a public exponent e satisfying an equation ex − φ(N)y = z where φ(N) = pr−1(p − 1)(q − 1). We show that one can factor N if the parameters |x| and |z| satisfy (equation found) thereby extending the recent results of Sakar [16]. In the second attack, we consider two public exponents e1 and e2 and their corresponding private exponents d1 and d2. We show that one can factor N when d1 and d2 share a suitable amount of their most significant bits, that is (equation found). The third attack enables us to factor two Prime Power RSA moduli N1 = pr1q1 and N2 = pr2q2 when p1 and p2 share a suitable amount of their most significant bits, namely, (equation found).