Designs, Codes and Cryptography

, Volume 66, Issue 1–3, pp 157–174 | Cite as

Cryptanalytic results on ‘Dual CRT’ and ‘Common Prime’ RSA



In this paper we study weaknesses of two variants of RSA: Dual RSA and Common Prime RSA. Several schemes under the framework of Dual RSA have been proposed by Sun et al. (IEEE Trans Inf Theory 53(8):2922–2933, 2007). We here concentrate on the Dual CRT-RSA scheme and present certain range of parameters where it is insecure. As a corollary of our work, we prove that the Dual Generalized Rebalanced-RSA (Scheme III of Sun et al.) can be efficiently broken for a significant region where the scheme has been claimed to be secure. Next we consider the Common Prime RSA as proposed by Wiener (IEEE Trans. Inf. Theory 36:553–558, 1990). We present new range of parameters in Common Prime RSA where it is not secure. We use lattice based techniques for the attacks.


RSA Common Prime RSA Dual CRT-RSA Cryptanalysis Lattices 

Mathematics Subject Classification



Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bleichenbacher D., May A.: New attacks on RSA with small secret CRT-exponents. In: Proceedings of PKC 2006. Lecture Notes in Computer Science, vol. 3958, pp. 1–13. Springer, Heidelberg (2006).Google Scholar
  2. 2.
    Boneh D., Durfee G.: Cryptanalysis of RSA with private key d less than N 0.292. IEEE Trans. Inf. Theory 46, 1339–1349 (2000)MathSciNetMATHCrossRefGoogle Scholar
  3. 3.
    Boneh D., Durfee G., Frankel Y.: Exposing an RSA private key given a small fraction of its bits. In: Proceedings of Asiacrypt 1998. Lecture Notes in Computer Science, vol. 1514, pp. 25–34. Springer, Heidelberg (1998).Google Scholar
  4. 4.
    Coppersmith D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)MathSciNetMATHCrossRefGoogle Scholar
  5. 5.
    Galbraith S.D., Heneghan C., McKee J.F.: Tunable balancing of RSA. In: Proceedings of ACISP 2005. Lecture Notes in Computer Science, vol. 3574, pp. 280–292. Springer, Heidelberg (2005).Google Scholar
  6. 6.
    Hinek M.J.: Another look at small RSA exponents. In: Proceedings of CT-RSA 2006. Lecture Notes in Computer Science, vol. 3860, pp. 82–98. Springer, Heidelberg (2006).Google Scholar
  7. 7.
    Hinek M.J.: On the security of some variants of RSA. Ph.D. thesis, University of Waterloo, Waterloo. (2007).
  8. 8.
    Hinek M.J.: Cryptanalysis of RSA and Its Variants. Chapman & Hall/CRC, Boca Raton (2009)CrossRefGoogle Scholar
  9. 9.
    Howgrave-Graham N.: Finding small roots of univariate modular equations revisited. In: Proceedings of Cryptography and Coding. Lecture Notes in Computer Science, vol. 1355, pp. 131–142. Springer, Heidelberg (2006).Google Scholar
  10. 10.
    Jochemsz E.: Cryptanalysis of RSA variants using small roots of polynomials. Ph.D. thesis, Technische Universiteit Eindhoven, Eindhoven. (2007).
  11. 11.
    Jochemsz E., May A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Proceedings of Asiacrypt 2006. Lecture Notes in Computer Science, vol. 4284, pp. 267–282. Springer, Heidelberg (2006).Google Scholar
  12. 12.
    Jochemsz E., May A.: A polynomial time attack on RSA with private CRT-exponents smaller than N 0.073. In: Proceedings of Crypto 2007. Lecture Notes in Computer Science, vol. 4622, pp. 395–411. Springer, Heidelberg (2007).Google Scholar
  13. 13.
    Lenstra A.K., Lenstra H.W. Jr. (eds.): The Development of the Number Field Sieve. Lecture Notes in Mathematics, vol. 1554. Springer, Berlin (1993)Google Scholar
  14. 14.
    Lenstra A.K., Lenstra H.W., Lovász L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 513–534 (1982)CrossRefGoogle Scholar
  15. 15.
    Lim C.H., Lee P.J.: Security and performance of server-aided RSA computation protocols. In: Proceedings of Crypto 1995. Lecture Notes in Computer Science, vol. 963, pp. 70–83. Springer, Heidelberg (1995).Google Scholar
  16. 16.
    May A.: Cryptanalysis of unbalanced RSA with small CRT-exponent. In: Proceedings of Crypto 2002. Lecture Notes in Computer Science, vol. 2442, pp. 242–256. Springer, Heidelberg (2002).Google Scholar
  17. 17.
    McKee J.F., Pinch R.: Further attacks on server-aided RSA cryptosystems.
  18. 18.
    Quisquater J.-J., Couvreur C.: Fast decipherment algorithm for RSA public-key cryptosystem. Electron. Lett. 18, 905–907 (1982)CrossRefGoogle Scholar
  19. 19.
    Ritzenhofen M. On efficiently calculating small solutions of systems of polynomial equations. Ph.D. thesis, Ruhr-University Bochum, Bochum (2010).Google Scholar
  20. 20.
    Rivest R.L., Shamir A., Adleman L.: A method for obtaining digital signatures and public key cryptosystems. , (1978)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Sun H.-M., Wu M.-E., Ting W.-C., Hinek M.J.: Dual RSA and its applications. IEEE Trans. Inf. Theory 53(8), 2922–2933 (2007)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Wiener M.: Cryptanalysis of short RSA secret exponents. IEEE Trans. Inf. Theory 36, 553–558 (1990)MathSciNetMATHCrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  1. 1.Applied Statistics UnitIndian Statistical InstituteKolkataIndia

Personalised recommendations