Abstract
Let N = pq be an RSA modulus, i.e. the product of two large unknown primes of equal bit-size. In the X9.31-1997 standard for public key cryptography, Section 4.1.2, there are a number of recommendations for the generation of the primes of an RSA modulus. Among them, the ratio of the primes shall not be close to the ratio of small integers. In this paper, we show that if the public exponent e satisfies an equation eX − (N − (ap + bq))Y = Z with suitably small integers X, Y, Z, where \(\frac{a}{b}\) is an unknown convergent of the continued fraction expansion of \(\frac{q}{p}\), then N can be factored efficiently. In addition, we show that the number of such exponents is at least \(N^{\frac{3}{4}-\varepsilon}\) where ε is arbitrarily small for large N.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Blömer, J., May, A.: A generalized Wiener attack on RSA. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 1–13. Springer, Heidelberg (2004)
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than N 0.292. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 1–11. Springer, Heidelberg (1999)
Brent, R.P.: Some integer factorization algorithms using elliptic curves. Australian Computer Science Communications 8, 149–163 (1986)
Brent, R.P.: Recent progress and prospects for integer factorisation algorithms. In: Du, D.-Z., Eades, P., Sharma, A.K., Lin, X., Estivill-Castro, V. (eds.) COCOON 2000. LNCS, vol. 1858, pp. 3–22. Springer, Heidelberg (2000)
Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. Journal of Cryptology 10(4), 233–260 (1997)
Hardy, G.H., Wright, E.M.: An Introduction to the Theory of Numbers. Oxford University Press, London (1965)
Lehman, R.S.: Factoring large integers. Mathematics of Computation 28, 637–646 (1974)
Lenstra, H.W.: Factoring integers with elliptic curves. Annals of Mathematics 126, 649–673 (1987)
Lenstra, A.K., Lenstra, H.W., Manasse, M.S., Pollard, J.M.: The number field sieve. In: Proc. 22nd Annual ACM Conference on Theory of Computing, Baltimore, Maryland, pp. 564–572 (1990)
Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48, 243–264 (1987)
Morrison, M.A., Brillhart, J.: A method of factoring and the factorization of F7. Math. of Comput., 29, 183–205 (1975)
Nitaj, A.: Cryptanalysis of RSA with constrained keys. International Journal of Number Theory (to appear)
Nitaj, A.: Another generalization of Wiener’s attack on RSA. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 174–190. Springer, Heidelberg (2008)
Pollard, J.M.: A Monte Carlo method for factorization. BIT 15, 331–334 (1975)
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Silverman, R.D.: The multiple polynomial quadratic sieve. Mathematics of Computation 48, 329–339 (1987)
Wiener, M.: Cryptanalysis of short RSA secret exponents. IEEE Transactions on Information Theory 36, 553–558 (1990)
Zimmermann, P.: 50 largest factors found by ECM, http://www.loria.fr/~zimmerma/records/top50.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nitaj, A. (2009). Cryptanalysis of RSA Using the Ratio of the Primes. In: Preneel, B. (eds) Progress in Cryptology – AFRICACRYPT 2009. AFRICACRYPT 2009. Lecture Notes in Computer Science, vol 5580. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02384-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-02384-2_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02383-5
Online ISBN: 978-3-642-02384-2
eBook Packages: Computer ScienceComputer Science (R0)