Security Analysis of an RSA Key Generation Algorithm with a Large Private Key

  • Fanyu Kong
  • Jia Yu
  • Lei Wu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7001)


In 2003, L. H. Encinas, J. M. Masqué and A. Q. Dios proposed an algorithm for generating the RSA modulus N with a large private key d, which was claimed to be secure. In this paper, we propose an attack on the Encinas-Masqué-Dios algorithm and identify its security flaw. First, we prove that the Encinas-Masqué-Dios algorithm is totally insecure when the public exponent e is larger than the sum of the two primes p and q. Second, we show that when e is larger than \(N^{\frac{1}{4}}\), the Encinas-Masqué-Dios algorithm leaks enough secret information that anyone can recover the factorization of the RSA modulus N in polynomial time.


Keywords: Cryptanalysis, RSA, Key generation algorithm, Lattice basis reduction, Partial key exposure attack




  1. Bleichenbacher, D., May, A.: New Attacks on RSA with Small Secret CRT-Exponents. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 1–13. Springer, Heidelberg (2006)
  2. Boneh, D., Durfee, G.: Cryptanalysis of RSA with Private Key d Less Than \(N^{0.292}\). IEEE Transactions on Information Theory 46, 1339–1349 (2000)
  3. Boneh, D., Durfee, G., Frankel, Y.: An Attack on RSA given a Small Fraction of the Private Key Bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 25–34. Springer, Heidelberg (1998)
  4. Coppersmith, D.: Small solutions to polynomial equations and low exponent vulnerabilities. Journal of Cryptology 10(4), 223–260 (1997)
  5. Coron, J.-S., May, A.: Deterministic Polynomial-Time Equivalence of Computing the RSA Secret Key and Factoring. Journal of Cryptology 20(1), 39–50 (2007)
  6. Encinas, L.H., Masqué, J.M., Dios, A.Q.: Large decryption exponents in RSA. Applied Mathematics Letters 16, 293–295 (2003)
  7. Encinas, L.H., Masqué, J.M., Dios, A.Q.: An algorithm to obtain an RSA modulus with a large private key. Cryptology ePrint Archive: Report 2003/045 (2003)
  8. Jochemsz, E., May, A.: A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267–282. Springer, Heidelberg (2006)
  9. Jochemsz, E., May, A.: A Polynomial Time Attack on RSA with Private CRT-Exponents Smaller Than \(N^{0.073}\). In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 395–411. Springer, Heidelberg (2007)
  10. Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 513–534 (1982)
  11. May, A., Ritzenhofen, M.: Solving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know? In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 37–46. Springer, Heidelberg (2008)
  12. Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Designs, Codes and Cryptography 30(2), 201–217 (2003)
  13. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
  14. Verheul, E., Tilborg, H.: Cryptanalysis of less short RSA secret exponents. Applicable Algebra in Engineering, Communication and Computing 8(5), 425–435 (1997)
  15. Wiener, M.: Cryptanalysis of Short RSA Secret Exponents. IEEE Transactions on Information Theory 36(3), 553–558 (1990)

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Fanyu Kong (1, 2)
  • Jia Yu (3)
  • Lei Wu (4)

  1. Institute of Network Security, Shandong University, Jinan, China
  2. Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Jinan, China
  3. College of Information Engineering, Qingdao University, Qingdao, China
  4. School of Information Science and Engineering, Shandong Normal University, Jinan, China
