Chapter

Progress in Cryptology – AFRICACRYPT 2014

Volume 8469 of the series Lecture Notes in Computer Science pp 178-198

New Attacks on the RSA Cryptosystem

  • Abderrahmane NitajAffiliated withLaboratoire de Mathématiques Nicolas Oresme, Université de Caen Basse Normandie
  • , Muhammad Rezal Kamel AriffinAffiliated withAl-Kindi Cryptography Research Laboratory, Institute for Mathematical ResearchDepartment of Mathematics, Faculty of Science, Universiti Putra Malaysia (UPM)
  • , Dieaa I. NassrAffiliated withComputer Science Division, Department of Mathematics, Faculty of Science, Ain Shams University
  • , Hatem M. BahigAffiliated withComputer Science Division, Department of Mathematics, Faculty of Science, Ain Shams University

* Final gross prices may vary according to local VAT.

Get Access

Abstract

This paper presents three new attacks on the RSA cryptosystem. The first two attacks work when k RSA public keys (N i ,e i ) are such that there exist k relations of the shape e i x − y i φ(N i ) = z i or of the shape e i x i  − (N i ) = z i where N i  = p i q i , φ(N i ) = (p i  − 1)(q i  − 1) and the parameters x, x i , y, y i , z i are suitably small in terms of the prime factors of the moduli. We show that our attacks enable us to simultaneously factor the k RSA moduli N i . The third attack works when the prime factors p and q of the modulus N = pq share an amount of their least significant bits (LSBs) in the presence of two decryption exponents d 1 and d 2 sharing an amount of their most significant bits (MSBs). The three attacks improve the bounds of some former attacks that make RSA insecure.

Keywords

RSA Cryptanalysis Factorization LLL algorithm Simultaneous diophantine approximations Coppersmith’s method