An attack on RSA using LSBs of multiples of the prime factors

4Citations
Citations of this article
22Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Let N = pq be an RSA modulus with a public exponent e and a private exponent d. Wiener's famous attack on RSA with d < N 0.25 and its extension by Boneh and Durfee to d < N 0.292 show that using a small d makes RSA completely insecure. However, for larger d, it is known that RSA can be broken in polynomial time under special conditions. For example, various partial key exposure attacks on RSA and some attacks using additional information encoded in the public exponent e are efficient to factor the RSA modulus. These attacks were later improved and extended in various ways. In this paper, we present a new attack on RSA with a public exponent e satisfying an equation ed - k(N + 1 - ap - bq) = 1 where is an unknown approximation of. We show that RSA is insecure when certain amount of the Least Significant Bits (LSBs) of ap and bq are known. Further, we show that the existence of good approximations of with small a and b substantially reduces the requirement of LSBs of ap and bq. © 2013 Springer-Verlag Berlin Heidelberg.

Cite

CITATION STYLE

APA

Nitaj, A. (2013). An attack on RSA using LSBs of multiples of the prime factors. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7918 LNCS, pp. 297–310). Springer Verlag. https://doi.org/10.1007/978-3-642-38553-7_17

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free