Factoring a Multiprime Modulus N with Random Bits

  • Routo TeradaEmail author
  • Reynaldo Cáceres Villena
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7807)


In 2009, Heninger and Shacham presented an algorithm using the Hensel’s lemma for reconstructing the prime factors of the modulus \(N = r_1r_2\). This algorithm computes the prime factors of N in polynomial time, with high probability, assuming that a fraction greater than or equal to 59 % random bits of its primes \(r_1\) and \(r_2\) is given. In this paper, we present the analysis of Hensel’s lemma for a multiprime modulus \(N = \prod ^u_{i=1}r_i\) (for \(u\ge 2\)) and we generalise the Heninger and Shacham’s algorithm to determine the minimum fraction of random bits of its prime factors that is sufficient to factor N in polynomial time with high probability.


Factoring a multiprime modulus N Random key bits leakage attack Cold boot attack 



We thank anonymous referees who pointed out the work by Kogure et al. [9].


  1. 1.
    Aranha, D.F., Gouvêa, C.P.L.: RELIC is an Efficient Library for Cryptography.
  2. 2.
    Bar-El, H.: Introduction to side channel attacks. White Paper, Discretix Technologies Ltd. (2003)Google Scholar
  3. 3.
    Boneh, D.: Twenty years of attacks on the RSA cryptosystem. Not. AMS 46(2), 203–213 (1999)zbMATHMathSciNetGoogle Scholar
  4. 4.
    Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold-boot attacks on encryption keys. Commun. ACM 52(5), 91–98 (2009)CrossRefGoogle Scholar
  5. 5.
    Heninger, N., Shacham, H.: Reconstructing RSA private keys from random key bits. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 1–17. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  6. 6.
    Herrmann, M., May, A.: Solving linear equations modulo divisors: on factoring given any bits. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 406–424. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  7. 7.
    Hinek, M.J.: On the security of multi-prime RSA. J. Math. Cryptol. 2(2), 117–147 (2008)zbMATHMathSciNetCrossRefGoogle Scholar
  8. 8.
    Jonsson, J., Kaliski, B.: Public-key cryptography standards (PKCS)# 1: Rsa cryptography specifications version 2.1. Technical report, RFC 3447, February 2003Google Scholar
  9. 9.
    Kogure, J., Kunihiro, N., Yamamoto, H.: Generalized security analysis of the random key bits leakage attack. In: Yung, M., Jung, S. (eds.) WISA 2011. LNCS, vol. 7115, pp. 13–27. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  10. 10.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  11. 11.
    Ptacek, T. : Recover a private key from process memory (2006).
  12. 12.
    Quisquater, J.J., Couvreur, C.: Fast decipherment algorithm for RSA public-key cryptosystem. Electron. Lett. 18(21), 905–907 (1982)CrossRefGoogle Scholar
  13. 13.
    Shamir, A., van Someren, N.: Playing ‘Hide and Seek’ with stored keys. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 118–124. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  14. 14.
    Skorobogatov, S.: Low temperature data remanence in static ram. University of Cambridge Computer Laborary Technical Report 536 (2002)Google Scholar
  15. 15.
    Takagi, T.: Fast RSA-type cryptosystem modulo \(p^{k}q\). In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Heidelberg (1998) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of São PauloSão PauloBrazil

Personalised recommendations