Designs, Codes and Cryptography

, Volume 73, Issue 2, pp 383–392 | Cite as

Small secret exponent attack on RSA variant with modulus \(N=p^rq\)



We consider an RSA variant with Modulus \(N=p^rq\). This variant is known as Prime Power RSA. In PKC 2004, May proved when decryption exponent \(d<N^{ \frac{r}{(r+1)^2}}\) or \(d< N^{\left( \frac{r-1}{r+1}\right) ^2}\), one can factor \(N\) in polynomial time. In this paper, we improve this bound when \(r \le 5\). We provide detailed experimental results to justify our claim.


Lattice Modular equation Prime Power RSA 

Mathematics Subject Classification



  1. 1.
    Bauer A., Joux A.: Toward a rigorous variation of Coppersmith’s algorithm on three variables. In: Eurocrypt 2007. LNCS, vol. 4515, pp. 361–378. Springer, Berlin, Heidelberg (2007).Google Scholar
  2. 2.
    Boneh D.: Twenty years of attacks on the RSA cryptosystem. Not. Am. Math. Soc. 46(2), 203–213 (1999).Google Scholar
  3. 3.
    Boneh D., Durfee G.: Cryptanalysis of RSA with private key \(d\) less than \(N^{0.292}\). In: Eurocrypt 1999. LNCS, vol. 1592, pp. 1–11. Springer, Berlin, Heidelberg (1999).Google Scholar
  4. 4.
    Boneh D., Durfee G.: Cryptanalysis of RSA with private key \(d\) less than \(N^{0.292}\). IEEE Trans. Inform. Theory 46(4), 1339–1349 (2000).Google Scholar
  5. 5.
    Boneh D., Durfee G., Howgrave-Graham N.: Factoring \(N = p^{r}q\) for large \(r\). In: Crypto 1999. LNCS, vol. 1666, pp. 326–337. Springer, Berlin, Heidelberg (1999).Google Scholar
  6. 6.
    Coppersmith D.: Small solutions to polynomial equations and low exponent vulnerabilities. J. Cryptol. 10(4), 223–260 (1997).Google Scholar
  7. 7.
    Cox D., Little J., O’Shea D.: Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, 3rd edn. Springer, New York (2007).Google Scholar
  8. 8.
    Durfee G., Nguyen P.: Cryptanalysis of the RSA schemes with short secret exponent from Asiacrypt ’99. In: Asiacrypt 2000. LNCS, vol. 1976, pp. 14–29. Springer, Berlin, Heidelberg (2000).Google Scholar
  9. 9.
    Fujioka A., Okamoto T., Miyaguchi S.: ESIGN: An efficient digital signature implementation for smard cards. In: Eurocrypt 1991. LNCS, vol. 547, pp. 446–457. Springer, Berlin, Heidelberg (1991).Google Scholar
  10. 10.
    Håstad J.: On using RSA with low exponent in public key network. In: Advances in Cryplogy-CRYPTO’85 Proceedings. Lecture Notes in Computer Science, pp. 403–408. Springer, New York (1986).Google Scholar
  11. 11.
    Howgrave-Graham N.: Finding small roots of univariate modular equations revisited. In: Proceedings of IMA International Conference on Cryptography and Coding. LNCS, vol. 1355, pp. 131–142. Springer, Berlin, Heidelberg (1997).Google Scholar
  12. 12.
    Itoh K., Kunihiro N., Kurosawa K.: Small secret key attack on a variant of RSA (due to Takagi). In: CT-RSA 2008. LNCS, vol. 4964, pp. 387–406. Springer, Berlin, Heidelberg (2008).Google Scholar
  13. 13.
    Itoh K., Kunihiro N., Kurosawa K.: Small secret key attack on a Takagi’s variant of RSA. IEICE Trans. A 92(1), 33–41 (2009).Google Scholar
  14. 14.
    Jochemsz E.: Cryptanalysis of RSA variants using small roots of polynomials. Ph.D. Thesis, Technische Universiteit Eindhoven (2007).Google Scholar
  15. 15.
    Lenstra A.K., Lenstra Jr. H.W., Lovász L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 515–534 (1982).Google Scholar
  16. 16.
    Lenstra Jr. H.W.: Factoring integers with elliptic curves. Ann. Math. 126, 649–673 (1987).Google Scholar
  17. 17.
    May A.: Secret exponent attacks on RSA-type schemes with moduli \(N= p^{r}q\). In: PKC 2004. LNCS, vol. 2947, pp. 218–230. Springer, Berlin, Heidelberg (2004).Google Scholar
  18. 18.
    May A.: Using LLL-reduction for solving RSA and factorization problems: a survey. In: LLL\(+25\) Conference in Honour of the 25th Birthday of the LLL Algorithm. Springer, Berlin, Heidelberg (2007).Google Scholar
  19. 19.
    Okamoto T., Uchiyama S.: A New public key cryptosystem as secure as factoring. In: Eurocrypt 1998. LNCS, vol. 1403, pp. 308–318. Springer, Berlin, Heidelberg (1998).Google Scholar
  20. 20.
    Peralta R., Okamoto T.: Faster factoring of integers of special form. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. A E79(4), 489–493 (1996).Google Scholar
  21. 21.
    Rivest R.L., Shamir A., Adleman L.: A method for obtaining digital signatures and public key cryptosystems. Commun. ACM 21(2), 158–164 (1978).Google Scholar
  22. 22.
    Sun H.M., Yang W.C., Laih C.S.: On the design of RSA with short secret exponent. In: Asiacrypt 1999. LNCS, vol. 1716, pp. 150–164. Springer, Berlin, Heidelberg (1999).Google Scholar
  23. 23.
    Takagi T.: Fast RSA-type cryptosystem modulo \(p^{k}q\). In: Crypto 1998. LNCS, vol. 1462, pp. 318–326. Springer, Berlin, Heidelberg (1998).Google Scholar
  24. 24.
    Wiener M.: Cryptanalysis of short RSA secret exponents. IEEE Trans. Inform. Theory 36(3), 553–558 (1990).Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.Chennai Mathematical InstituteChennaiIndia

Personalised recommendations