Partial Key Exposure Attack on RSA – Improvements for Limited Lattice Dimensions

  • Santanu Sarkar
  • Sourav Sen Gupta
  • Subhamoy Maitra
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6498)

Abstract

Consider the RSA public key cryptosystem with the parameters N = pq, q < p < 2q, public encryption exponent e and private decryption exponent d. In this paper, cryptanalysis of RSA is studied given that some amount of the Most Significant Bits (MSBs) of d is exposed. In Eurocrypt 2005, a lattice based attack on this problem was proposed by Ernst, Jochemsz, May and de Weger. In this paper, we present a variant of their method which provides better experimental results depending on practical lattice parameters and the values of d. We also propose a sublattice structure that improves the experimental results significantly for smaller decryption exponents.

Keywords

Cryptanalysis Factorization Lattice Reduction Public Key Cryptosystem RSA Sublattice 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Aono, Y.: A New Lattice Construction for Partial Key Exposure Attack for RSA. In: Jarecki, S., Tsudik, G. (eds.) Public Key Cryptography – PKC 2009. LNCS, vol. 5443, pp. 34–53. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Blömer, J., May, A.: New Partial Key Exposure Attacks on RSA. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 27–43. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Boneh, D., Durfee, G., Frankel, Y.: Exposing an RSA Private Key Given a Small Fraction of its Bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 25–34. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  4. 4.
    Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, Heidelberg (1996)Google Scholar
  5. 5.
    Coppersmith, D.: Small Solutions to Polynomial Equations and Low Exponent Vulnerabilities. Journal of Cryptology 10(4), 223–260 (1997)MathSciNetCrossRefMATHGoogle Scholar
  6. 6.
    Coron, J.-S.: Finding Small Roots of Bivariate Integer Equations Revisited. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 492–505. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Cox, D., Little, J., O’Shea, D.: Ideals, Varieties, and Algorithms: An Introduction to Computational Algebraic Geometry and Commutative Algebra, 3rd edn. Springer, New York (2007)CrossRefMATHGoogle Scholar
  8. 8.
    Ernst, M., Jochemsz, E., May, A., de Weger, B.: Partial Key Exposure Attacks on RSA up to Full Size Exponents. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 371–386. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Herrmann, M., May, A.: Maximizing Small Root Bounds by Linearization and Applications to Small Secret Exponent RSA. In: Nguyen, P.Q., Pointcheval, D. (eds.) Public Key Cryptography – PKC 2010. LNCS, vol. 6056, pp. 53–69. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Jochemsz, E., May, A.: A Strategy for Finding Roots of Multivariate Polynomials with new Applications in Attacking RSA Variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267–282. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Jochemsz, E., May, A.: A Polynomial Time Attack on RSA with Private CRT-Exponents Smaller Than N 0.073. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 395–411. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  13. 13.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  14. 14.
    Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring Polynomials with Rational Coefficients. Mathematische Annalen 261, 513–534 (1982)MathSciNetCrossRefMATHGoogle Scholar
  15. 15.
    Rivest, R.L., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of ACM 21(2), 158–164 (1978)MathSciNetCrossRefMATHGoogle Scholar
  16. 16.
    Sarkar, S., Maitra, S.: Improved Partial Key Exposure Attacks on RSA by Guessing a Few Bits of One of the Prime Factors. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 37–51. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Santanu Sarkar
    • 1
  • Sourav Sen Gupta
    • 1
  • Subhamoy Maitra
    • 1
  1. 1.Applied Statistics Unit, Indian Statistical InstituteKolkataIndia

Personalised recommendations