
A Generalized Attack on the Multi-prime Power RSA

Conference paper in Progress in Cryptology - AFRICACRYPT 2022 (AFRICACRYPT 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13503)

Abstract

The Multi-Prime Power RSA is an efficient variant of the RSA cryptosystem with a modulus of the form \(N=p^rq^s\) and \(r>s\ge 2\). It can be used with a public exponent e and a private exponent d satisfying \(e\equiv \frac{1}{d}\pmod {p^{r-1}q^{s-1}(p-1)(q-1)}\). In 2017, Lu, Peng and Sarkar showed that one can factor the modulus \(N=p^rq^s\) if \(d<N^{1-\frac{3r+s}{(r+s)^2}}\). In this paper, we propose a generalization of this attack to the situation where the public exponent e is of the form \(e\equiv \frac{z_0}{x_0}\pmod {p^{r-1}q^{s-1}(p-1)(q-1)}\). We show that for \(x_0=N^\delta \) and \(|z_0|=N^\gamma \), one can factor the modulus \(N=p^rq^s\) if \(\delta +\gamma <1+\frac{2(r-s)}{r(r+s)^2}\sqrt{s(r+s)}-\frac{2(2r-s)}{r(r+s)}\). As a consequence, our method can break the Multi-Prime Power RSA variant even if the private exponent d is of arbitrarily large size.
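The abstract states two conditions in closed form: the Lu, Peng and Sarkar bound on the private exponent, and the generalized bound on \(\delta+\gamma\) for a public exponent of the form \(e\equiv z_0/x_0\). The following Python is an added example (not code from the paper or its authors) that evaluates both bounds for a given \((r,s)\), computes \(\delta\) and \(\gamma\) from concrete integers, and checks a toy key against the stated region. The primes and the exponent \(d\) are constructed values, far too small for real use; the lattice construction that realizes the bound is in the paper body, which this page does not include, so the block evaluates only the condition itself.

```python
import math


def lu_peng_sarkar_bound(r: int, s: int) -> float:
    """Exponent bound quoted in the abstract for Lu, Peng and Sarkar (2017):
    N = p^r q^s with r > s >= 2 can be factored when d < N^bound."""
    assert r > s >= 2, "the page assumes r > s >= 2"
    return 1 - (3 * r + s) / (r + s) ** 2


def generalized_bound(r: int, s: int) -> float:
    """Bound on delta + gamma from the abstract, where x0 = N^delta and
    |z0| = N^gamma for e = z0/x0 (mod p^(r-1) q^(s-1) (p-1)(q-1))."""
    assert r > s >= 2, "the page assumes r > s >= 2"
    return (1
            + 2 * (r - s) / (r * (r + s) ** 2) * math.sqrt(s * (r + s))
            - 2 * (2 * r - s) / (r * (r + s)))


def size_exponent(value: int, N: int) -> float:
    """Return t such that |value| = N^t (value must be non-zero)."""
    assert value != 0
    return math.log(abs(value)) / math.log(N)


def in_vulnerable_region(N: int, r: int, s: int, x0: int, z0: int) -> bool:
    """True when (x0, z0) satisfy delta + gamma < generalized_bound(r, s)."""
    delta = size_exponent(x0, N)
    gamma = size_exponent(z0, N)
    return delta + gamma < generalized_bound(r, s)


def compare_bounds(pairs):
    """Tabulate both bounds for a list of (r, s) pairs."""
    return [(r, s, lu_peng_sarkar_bound(r, s), generalized_bound(r, s))
            for r, s in pairs]


def toy_key_check(p: int = 1009, q: int = 1013, r: int = 3, s: int = 2,
                  d: int = 65537) -> dict:
    """Build a constructed Multi-Prime Power RSA key and check it against
    the stated region. The standard key e = 1/d corresponds to x0 = d,
    z0 = 1, so gamma = 0 and the test reduces to delta < bound.
    p, q and d are constructed toy values, not from the paper."""
    N = p ** r * q ** s
    # Exponent modulus from the abstract: p^(r-1) q^(s-1) (p-1)(q-1).
    L = p ** (r - 1) * q ** (s - 1) * (p - 1) * (q - 1)
    assert math.gcd(d, L) == 1
    e = pow(d, -1, L)                      # e = 1/d (mod L), Python 3.8+
    x0, z0 = d, 1
    congruence_holds = (e * x0 - z0) % L == 0   # e*x0 = z0 (mod L)
    return {
        "N": N, "e": e, "d": d,
        "congruence_holds": congruence_holds,
        "delta": size_exponent(x0, N),
        "gamma": size_exponent(z0, N),
        "bound": generalized_bound(r, s),
        "vulnerable": in_vulnerable_region(N, r, s, x0, z0),
    }


if __name__ == "__main__":
    for r, s, lps, gen in compare_bounds([(3, 2), (4, 2), (5, 2), (5, 3)]):
        print(f"r={r} s={s}  Lu-Peng-Sarkar d < N^{lps:.4f}  "
              f"generalized delta+gamma < {gen:.4f}")
    print(toy_key_check())
```

For \((r,s)=(3,2)\) the two expressions evaluate to \(0.56\) and about \(0.551\); the generalized bound is not a uniformly larger number, its point is that it constrains \(\delta+\gamma\) for any \((x_0,z_0)\) pair rather than the size of \(d\) alone, which is why the abstract says a large \(d\) does not by itself put a key outside the region.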


References

  1. Blömer, J., May, A.: A generalized Wiener attack on RSA. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 1–13. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24632-9_1

  2. Boneh, D.: Twenty years of attacks on the RSA cryptosystem. Notices Am. Math. Soc. 46(2), 203–213 (1999)

  3. Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233–260 (1997)

  4. Coron, J.-S., Faugère, J.-C., Renault, G., Zeitoun, R.: Factoring \(N=p^rq^s\) for large \(r\) and \(s\). In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 448–464. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_26

  5. Coron, J.S., Zeitoun, R.: Improved factorization of \(N=p^rq^s\). Cryptology ePrint Archive, Report 2016/551 (2016). https://ia.cr/2016/551

  6. Fujioka, A., Okamoto, T., Miyaguchi, S.: ESIGN: an efficient digital signature implementation for smart cards. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 446–457. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_38

  7. Hardy, G.H., Wright, E.M.: An Introduction to the Theory of Numbers. Oxford University Press, London (1975)

  8. Hinek, M.: Cryptanalysis of RSA and Its Variants. Cryptography and Network Security Series, Chapman & Hall/CRC, Boca Raton (2009)

  9. Howgrave-Graham, N.: Finding small roots of univariate modular equations revisited. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 131–142. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0024458

  10. Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 513–534 (1982)

  11. Lim, S., Kim, S., Yie, I., Lee, H.: A generalized Takagi-cryptosystem with a modulus of the form \(p^rq^s\). In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 283–294. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44495-5_25

  12. Lu, Y., Zhang, R., Peng, L., Lin, D.: Solving linear equations modulo unknown divisors: revisited. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 189–213. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_9

  13. Lu, Y., Peng, L., Sarkar, S.: Cryptanalysis of an RSA variant with moduli \(N=p^rq^l\). J. Math. Cryptol. 11(2), 117–130 (2017)

  14. May, A.: New RSA vulnerabilities using lattice reduction methods. Ph.D. thesis, University of Paderborn (2003). https://www.cits.rub.de/imperia/md/content/may/paper/bp.ps

  15. May, A.: Secret exponent attacks on RSA-type schemes with moduli \(N = p^rq\). In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 218–230. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24632-9_16

  16. Nguyen, P.Q., Vallée, B.: The LLL Algorithm: Survey and Applications. Information Security and Cryptography, Springer, Heidelberg (2010)

  17. Okamoto, T., Uchiyama, S.: A new public-key cryptosystem as secure as factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 308–318. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054135

  18. Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

  19. Sarkar, S.: Small secret exponent attack on RSA variant with modulus \(N = p^rq\). Des. Codes Cryptogr. 73(2), 383–392 (2014)

  20. Takagi, T.: Fast RSA-type cryptosystem modulo \(p^kq\). In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055738

Author information

Correspondence to Abderrahmane Nitaj.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Nitaj, A., Susilo, W., Tonien, J. (2022). A Generalized Attack on the Multi-prime Power RSA. In: Batina, L., Daemen, J. (eds) Progress in Cryptology - AFRICACRYPT 2022. AFRICACRYPT 2022. Lecture Notes in Computer Science, vol 13503. Springer, Cham. https://doi.org/10.1007/978-3-031-17433-9_23

  • DOI: https://doi.org/10.1007/978-3-031-17433-9_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17432-2

  • Online ISBN: 978-3-031-17433-9
