A New Class of Weak Encryption Exponents in RSA

  • Subhamoy Maitra
  • Santanu Sarkar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5365)


Consider RSA with N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. We concentrate on the cases when \(e\ (= N^{\alpha})\) satisfies eX − ZY = 1, given \(|N - Z| = N^{\tau}\). Using the idea of Boneh and Durfee (Eurocrypt 1999, IEEE-IT 2000) we show that the LLL algorithm can be efficiently applied to get Z when \(|Y| = N^{\gamma}\) and \(\gamma < 4\alpha \tau \left(\frac{1}{4\tau} + \frac{1}{12\alpha} - \sqrt{(\frac{1}{4\tau} +\frac{1}{12\alpha})^2 + \frac{1}{2\alpha \tau} (\frac{1}{12} + \frac{\tau}{24\alpha} - \frac{\alpha}{8\tau})}\right)\). This idea substantially extends the class of weak keys presented by Nitaj (Africacrypt 2008) when Z = ψ(p, q, u, v) = (p − u)(q − v). Further, we consider Z = ψ(p, q, u, v) = N − pu − v to provide a new class of weak keys in RSA. This idea does not require any kind of factorization as used in Nitaj’s work. A very conservative estimate for the number of such weak exponents is \(N^{0.75 - \epsilon}\), where ε > 0 is arbitrarily small for suitably large N.
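
As a consistency check on the bound for γ stated above, the following worked specialization is added here and is not taken from the paper. It assumes the classical small private exponent setting: Z = φ(N) = N − (p + q − 1), X = d, Y = k in ed − kφ(N) = 1, with e of full size, so that α = 1 and, since q < p < 2q gives p + q of order \(N^{1/2}\), τ = 1/2.

\[
\frac{1}{4\tau} + \frac{1}{12\alpha} = \frac{1}{2} + \frac{1}{12} = \frac{7}{12},
\qquad
\frac{1}{2\alpha\tau}\left(\frac{1}{12} + \frac{\tau}{24\alpha} - \frac{\alpha}{8\tau}\right)
= 1\cdot\left(\frac{1}{12} + \frac{1}{48} - \frac{1}{4}\right) = -\frac{7}{48}
\]

\[
\sqrt{\left(\frac{7}{12}\right)^2 - \frac{7}{48}}
= \sqrt{\frac{49}{144} - \frac{21}{144}}
= \frac{\sqrt{28}}{12} = \frac{\sqrt{7}}{6}
\]

\[
\gamma < 4\cdot 1\cdot\frac{1}{2}\left(\frac{7}{12} - \frac{\sqrt{7}}{6}\right)
= \frac{7}{6} - \frac{\sqrt{7}}{3} \approx 0.2847
\]

With e of size N, k has roughly the size of d, so this is a condition of the form \(d < N^{0.284}\), which is the first bound proved by Boneh and Durfee before their refinement to \(N^{0.292}\). The small private exponent case is therefore the α = 1, τ = 1/2 instance of the general condition, and other choices of Z change the bound only through τ.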


Keywords: Cryptanalysis, Factorization, Lattice, LLL Algorithm




  1. Blömer, J., May, A.: Low secret exponent RSA revisited. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 4–19. Springer, Heidelberg (2001)
  2. Blömer, J., May, A.: A generalized Wiener attack on RSA. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 1–13. Springer, Heidelberg (2004)
  3. Boneh, D.: Twenty Years of Attacks on the RSA Cryptosystem. Notices of the AMS 46(2), 203–213 (1999)
  4. Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than \(N^{0.292}\). In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 1–11. Springer, Heidelberg (1999)
  5. Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than \(N^{0.292}\). IEEE Trans. on Information Theory 46(4), 1339–1349 (2000)
  6. Coppersmith, D.: Small solutions to polynomial equations and low exponent vulnerabilities. Journal of Cryptology 10(4), 223–260 (1997)
  7. Jochemsz, E.: Cryptanalysis of RSA variants using small roots of polynomials. Ph.D. thesis, Technische Universiteit Eindhoven (2007)
  8. Ford, K., Tenenbaum, G.: The distribution of Integers with at least two divisors in a short interval (last accessed July 1, 2008), http://arxiv.org/abs/math/0607460
  9. Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 513–534 (1982)
  10. Lenstra, H.W.: Factoring integers with elliptic curves. Annals of Mathematics 126, 649–673 (1987)
  11. May, A.: New RSA vulnerabilities using lattice reduction methods. PhD thesis, University of Paderborn (2003) (last accessed July 1, 2008), http://wwwcs.upb.de/cs/ag-bloemer/personen/alex/publications/
  12. Nitaj, A.: Another Generalization of Wiener’s Attack on RSA. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 174–190. Springer, Heidelberg (2008)
  13. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of ACM 21(2), 158–164 (1978)
  14. Wiener, M.: Cryptanalysis of short RSA secret exponents. IEEE Transactions on Information Theory 36(3), 553–558 (1990)
  15. de Weger, B.: Cryptanalysis of RSA with small prime difference. Applicable Algebra in Engineering, Communication and Computing 13(1), 17–28 (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Subhamoy Maitra (1)
  • Santanu Sarkar (1)
  1. Indian Statistical Institute, Kolkata, India
