# A Generalized Attack on the Multi-prime Power RSA

• Conference paper
Progress in Cryptology - AFRICACRYPT 2022 (AFRICACRYPT 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13503)


## Abstract

The Multi-Prime Power RSA is an efficient variant of the RSA cryptosystem with a modulus of the form $$N=p^rq^s$$ and $$r>s\ge 2$$. It can be used with a public exponent e and a private exponent d satisfying $$e\equiv \frac{1}{d}\pmod {p^{r-1}q^{s-1}(p-1)(q-1)}$$. In 2017, Lu, Peng and Sarkar showed that one can factor the modulus $$N=p^rq^s$$ if $$d<N^{1-\frac{3r+s}{(r+s)^2}}$$. In this paper, we propose a generalization of this attack to the situation where the public exponent e is of the form $$e\equiv \frac{z_0}{x_0}\pmod {p^{r-1}q^{s-1}(p-1)(q-1)}$$. We show that for $$x_0=N^\delta$$ and $$|z_0|=N^\gamma$$, one can factor the modulus $$N=p^rq^s$$ if $$\delta +\gamma <1+\frac{2(r-s)}{r(r+s)^2}\sqrt{s(r+s)}-\frac{2(2r-s)}{r(r+s)}$$. As a consequence, our method can break the Multi-Prime Power RSA variant even if the private exponent d is of arbitrarily large size.
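
The key class described in the abstract can be made concrete with a constructed toy instance. The following is an added example, not code from the paper: it builds a public exponent of the form $$e\equiv z_0/x_0$$, shows that the matching $$d$$ is far above the Lu-Peng-Sarkar bound, and checks $$\delta+\gamma$$ against the bound quoted above. It does not implement the factoring step; the function names, the two Mersenne primes and the starting sizes for $$x_0$$ and $$z_0$$ are assumptions chosen for illustration.

```python
import math

def lps_bound(r, s):
    """Lu-Peng-Sarkar (2017): N = p^r q^s can be factored if d < N^bound."""
    return 1 - (3 * r + s) / (r + s) ** 2

def generalized_bound(r, s):
    """Bound on delta + gamma quoted in the abstract (requires r > s >= 2)."""
    if not r > s >= 2:
        raise ValueError("the abstract assumes r > s >= 2")
    return (1 + 2 * (r - s) * math.sqrt(s * (r + s)) / (r * (r + s) ** 2)
            - 2 * (2 * r - s) / (r * (r + s)))

def next_coprime(start, m):
    """Smallest integer >= start that is invertible modulo m."""
    while math.gcd(start, m) != 1:
        start += 1
    return start

def build_instance(p, q, r, s, x0_start, z0_start):
    """Construct e = z0 / x0 mod p^(r-1) q^(s-1) (p-1)(q-1) and its inverse d."""
    N = p ** r * q ** s
    phi = p ** (r - 1) * q ** (s - 1) * (p - 1) * (q - 1)
    x0 = next_coprime(x0_start, phi)
    z0 = next_coprime(z0_start, phi)
    e = z0 * pow(x0, -1, phi) % phi
    d = pow(e, -1, phi)  # private exponent, e * d = 1 mod phi
    return {"N": N, "phi": phi, "e": e, "d": d, "x0": x0, "z0": z0}

def in_weak_class(inst, r, s):
    """Return (delta, gamma, bound, delta + gamma < bound)."""
    log_n = math.log(inst["N"])
    delta = math.log(inst["x0"]) / log_n
    gamma = math.log(abs(inst["z0"])) / log_n
    bound = generalized_bound(r, s)
    return delta, gamma, bound, delta + gamma < bound

# Constructed toy parameters: two Mersenne primes, r = 3, s = 2.
P, Q, R, S = 2 ** 107 - 1, 2 ** 89 - 1, 3, 2
INST = build_instance(P, Q, R, S, 2 ** 100, 2 ** 60)

if __name__ == "__main__":
    delta, gamma, bound, weak = in_weak_class(INST, R, S)
    print(f"LPS bound on log_N(d): {lps_bound(R, S):.4f}")
    print(f"log_N(d) for this key: {math.log(INST['d']) / math.log(INST['N']):.4f}")
    print(f"delta + gamma = {delta + gamma:.4f}, bound = {bound:.4f}, weak = {weak}")
```

A key generator can rule out the small-$$d$$ case by inspecting $$d$$ directly, but this instance has a full-size $$d$$ and still satisfies the condition on $$\delta+\gamma$$, which is the point of the generalization.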

## References

1. Blömer, J., May, A.: A generalized Wiener attack on RSA. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 1–13. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24632-9_1

2. Boneh, D.: Twenty years of attacks on the RSA cryptosystem. Notices Am. Math. Soc. 46(2), 203–213 (1999)

3. Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)

4. Coron, J.-S., Faugère, J.-C., Renault, G., Zeitoun, R.: Factoring $$N=p^rq^s$$ for large $$r$$ and $$s$$. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 448–464. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_26

5. Coron, J.S., Zeitoun, R.: Improved factorization of $$N=p^rq^s$$. Cryptology ePrint Archive, Report 2016/551 (2016). https://ia.cr/2016/551

6. Fujioka, A., Okamoto, T., Miyaguchi, S.: ESIGN: an efficient digital signature implementation for smart cards. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 446–457. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_38

7. Hardy, G.H., Wright, E.M.: An Introduction to the Theory of Numbers. Oxford University Press, London (1975)

8. Hinek, M.: Cryptanalysis of RSA and Its Variants. Cryptography and Network Security Series, Chapman & Hall/CRC, Boca Raton (2009)

9. Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0024458

10. Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 513–534 (1982)

11. Lim, S., Kim, S., Yie, I., Lee, H.: A generalized Takagi-cryptosystem with a modulus of the form $$p^rq^s$$. In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 283–294. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44495-5_25

12. Lu, Y., Zhang, R., Peng, L., Lin, D.: Solving linear equations modulo unknown divisors: revisited. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 189–213. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_9

13. Lu, Y., Peng, L., Sarkar, S.: Cryptanalysis of an RSA variant with moduli $$N=p^rq^l$$. J. Math. Cryptol. 11(2), 117–130 (2017)

14. May, A.: New RSA vulnerabilities using lattice reduction methods. Ph.D. thesis, University of Paderborn (2003). https://www.cits.rub.de/imperia/md/content/may/paper/bp.ps

15. May, A.: Secret exponent attacks on RSA-type schemes with moduli $$N = p^rq$$. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 218–230. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24632-9_16

16. Nguyen, P.Q., Vallée, B.: The LLL Algorithm: Survey and Applications. Information Security and Cryptography, Springer, Heidelberg (2010)

17. Okamoto, T., Uchiyama, S.: A new public-key cryptosystem as secure as factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 308–318. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054135

18. Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

19. Sarkar, S.: Small secret exponent attack on RSA variant with modulus $$N = p^rq$$. Des. Codes Cryptogr. 73(2), 383–392 (2014)

20. Takagi, T.: Fast RSA-type cryptosystem modulo $$p^kq$$. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055738

## Author information

### Corresponding author

Correspondence to Abderrahmane Nitaj.

## Rights and permissions

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

### Cite this paper

Nitaj, A., Susilo, W., Tonien, J. (2022). A Generalized Attack on the Multi-prime Power RSA. In: Batina, L., Daemen, J. (eds) Progress in Cryptology - AFRICACRYPT 2022. AFRICACRYPT 2022. Lecture Notes in Computer Science, vol 13503. Springer, Cham. https://doi.org/10.1007/978-3-031-17433-9_23

• DOI: https://doi.org/10.1007/978-3-031-17433-9_23

• Publisher Name: Springer, Cham

• Print ISBN: 978-3-031-17432-2

• Online ISBN: 978-3-031-17433-9

• eBook Packages: Computer Science (R0)