Abstract
For a variant of RSA with modulus \(N = p^r q\) and ed ≡ 1 mod (p − 1)(q − 1), we show that d can be recovered if \(d<N^{(2-\sqrt{2})/(r+1)}\). (Note that φ(N) ≠ (p − 1)(q − 1).) Boneh-Durfee’s result for the standard RSA is obtained as a special case for r = 1. Technically, we develop a method of finding a small root of a trivariate polynomial equation f(x, y, z) = x(y − 1)(z − 1) + 1 = 0 (mod e) under the condition that \(y^r z = N\). Our result cannot be obtained from the generic method of Jochemsz-May.
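The relations stated in the abstract, written as a key-audit check: this is an added example, not code from the paper. The toy primes and all function names are constructed for illustration, and it only checks the root relation and the size bound on d; it does not perform the lattice step.

```python
import math

def exponent_bound(r):
    """Exponent (2 - sqrt(2)) / (r + 1) from the abstract; r = 1 gives about 0.292."""
    return (2 - math.sqrt(2)) / (r + 1)

def d_is_below_bound(d, N, r):
    """True if d < N^((2 - sqrt(2)) / (r + 1)).

    Compared in log2 so no huge powers are formed; floating point is
    adequate for an audit except within rounding error of the boundary.
    """
    return math.log2(d) < exponent_bound(r) * math.log2(N)

def f(x, y, z):
    """The trivariate polynomial from the abstract."""
    return x * (y - 1) * (z - 1) + 1

def audit_key(p, q, r, d):
    """Build e for the given d and report the properties the abstract relies on."""
    N = p**r * q
    L = (p - 1) * (q - 1)            # modulus of the key equation, not phi(N)
    e = pow(d, -1, L)                # raises ValueError if gcd(d, L) != 1
    k, rem = divmod(e * d - 1, L)    # ed = 1 + k(p-1)(q-1)
    assert rem == 0
    return {
        "N": N,
        "e": e,
        # (k, p, q) is a root of f modulo e, and satisfies y^r z = N
        "root_ok": f(k, p, q) % e == 0 and p**r * q == N,
        # the root is small in x: k < d because e < (p-1)(q-1)
        "k_lt_d": k < d,
        # phi(N) = p^(r-1)(p-1)(q-1), which differs from L when r > 1
        "phi_differs": p**(r - 1) * L != L,
        "d_below_bound": d_is_below_bound(d, N, r),
    }

# Constructed toy parameters (far too small for real use).
P, Q = 1000003, 1000033

if __name__ == "__main__":
    for d in (101, 1000000007):
        report = audit_key(P, Q, 2, d)
        print(d, {name: v for name, v in report.items() if name not in ("N", "e")})
```

A key generator for this variant can run the same bound check to reject any d that falls inside the stated range.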
References
Blömer, J., May, A.: A Tool Kit for Finding Small Roots of Bivariate Polynomials over the Integers. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 251–267. Springer, Heidelberg (2005)
Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key d less than \(N^{0.292}\). IEEE Transactions on Information Theory 46(4), 1339 (2000) (Firstly appeared in Eurocrypt 1999)
Boneh, D., Durfee, G., Howgrave-Graham, N.: Factoring \(N = p^r q\) for Large r. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 326–337. Springer, Heidelberg (1999)
Coppersmith, D.: Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities. J. Cryptology 10(4), 233–260 (1997)
Coron, J.S., May, A.: Deterministic Polynomial Time Equivalence of Computing the RSA Secret Key and Factoring. Journal of Cryptology 20(1), 39–50 (2004) (IACR ePrint Archive: Report 2004/208 (2004))
Nguyên, P.Q., Durfee, G.: Cryptanalysis of the RSA Schemes with Short Secret Exponent from Asiacrypt 99. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 14–29. Springer, Heidelberg (2000)
Ernst, M., Jochemsz, E., May, A., Weger, B.: Partial Key Exposure Attacks on RSA up to Full Size Exponents. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 371–386. Springer, Heidelberg (2005)
Howgrave-Graham, N.: Finding Small Roots of Univariate Modular Equations Revisited. In: IMA Int. Conf., pp. 131–142 (1997)
Jochemsz, E., May, A.: A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267–282. Springer, Heidelberg (2006)
Kunihiro, N., Kurosawa, K.: Deterministic Polynomial Time Equivalence between Factoring and Key-Recovery Attack on Takagi. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 412–425. Springer, Heidelberg (2007)
Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 515–534 (1982)
May, A.: Secret Exponent Attacks on RSA-type Schemes with Moduli \(N = p^r q\). In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 218–230. Springer, Heidelberg (2004)
Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Takagi, T.: Fast RSA-Type Cryptosystem Modulo \(p^k q\). In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 318–326. Springer, Heidelberg (1998)
Takagi, T.: A Fast RSA-Type Public-Key Primitive Modulo \(p^k q\) Using Hensel Lifting. IEICE Trans. Fundamentals 87(1), 94–101 (2004)
Shoup, V.: Number Theory Library (NTL), http://www.shoup.net/ntl/
Wiener, M.: Cryptanalysis of Short RSA Secret Exponents. IEEE Transactions on Information Theory 36, 553–558 (1990)
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Itoh, K., Kunihiro, N., Kurosawa, K. (2008). Small Secret Key Attack on a Variant of RSA (Due to Takagi). In: Malkin, T. (eds) Topics in Cryptology – CT-RSA 2008. CT-RSA 2008. Lecture Notes in Computer Science, vol 4964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79263-5_25
DOI: https://doi.org/10.1007/978-3-540-79263-5_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79262-8
Online ISBN: 978-3-540-79263-5
eBook Packages: Computer Science (R0)