Partial Key Exposure Attack on RSA – Improvements for Limited Lattice Dimensions
Consider the RSA public key cryptosystem with the parameters N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. In this paper, cryptanalysis of RSA is studied given that some amount of the Most Significant Bits (MSBs) of d is exposed. In Eurocrypt 2005, a lattice based attack on this problem was proposed by Ernst, Jochemsz, May and de Weger. In this paper, we present a variant of their method which provides better experimental results depending on practical lattice parameters and the values of d. We also propose a sublattice structure that improves the experimental results significantly for smaller decryption exponents.
KeywordsCryptanalysis Factorization Lattice Reduction Public Key Cryptosystem RSA Sublattice
Unable to display preview. Download preview PDF.
- 4.Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, Heidelberg (1996)Google Scholar
- 12.Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar